From: owner-cypherpunks@toad.com
Date: Thu, 22 Feb 1996 19:07:26 +0800
Subject: No Subject
Message-ID: <QQadzw27096.199602221100@relay3.UU.NET>
MIME-Version: 1.0
Content-Type: text/plain



Well, folks, I told you so. Sorry to be nasty about it.

> Date: Sun, 18 Feb 1996 23:57:02 -0500
> From: Drew Dean <ddean@CS.Princeton.EDU>
> Subject: Java security problems
> 
> We have discovered a serious security problem with Netscape Navigator's 2.0
> Java implementation.  (The problem is also present in the 1.0 release of the
> Java Development Kit from Sun.)  An applet is normally allowed to connect
> only to the host from which it was loaded.  However, this restriction is not
> properly enforced.  A malicious applet can open a connection to an arbitrary
> host on the Internet.  At this point, bugs in any TCP/IP-based network
> service can be exploited.  We have implemented (as a proof of concept) an
> exploitation of an old sendmail bug.
[...]
> A second, also serious, bug exists in javap, the bytecode
> disassembler.  An overly long method name can overflow a stack
> allocated buffer, potentially causing arbitrary native code to be
> executed.  The problem is an unchecked sprintf() call, just like the
> syslog(3) problem last year.
[...]