From owner-freebsd-java@FreeBSD.ORG  Mon Dec  6 15:45:33 2004
Return-Path: <owner-freebsd-java@FreeBSD.ORG>
Delivered-To: freebsd-java@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E6E7016A4CE
	for <freebsd-java@freebsd.org>; Mon,  6 Dec 2004 15:45:33 +0000 (GMT)
Received: from misty.eyesbeyond.com (glewis.dsl.xmission.com [166.70.56.15])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4739F43D41
	for <freebsd-java@freebsd.org>; Mon,  6 Dec 2004 15:45:33 +0000 (GMT)
	(envelope-from glewis@eyesbeyond.com)
Received: from misty.eyesbeyond.com (localhost.eyesbeyond.com [127.0.0.1])
	iB6FjL5A018949;	Mon, 6 Dec 2004 08:45:22 -0700 (MST)
	(envelope-from glewis@eyesbeyond.com)
Received: (from glewis@localhost)
	by misty.eyesbeyond.com (8.12.11/8.12.11/Submit) id iB6FjKTf018948;
	Mon, 6 Dec 2004 08:45:20 -0700 (MST)
	(envelope-from glewis@eyesbeyond.com)
X-Authentication-Warning: misty.eyesbeyond.com: glewis set sender to
	glewis@eyesbeyond.com using -f
Date: Mon, 6 Dec 2004 08:45:20 -0700
From: Greg Lewis <glewis@eyesbeyond.com>
To: Panagiotis Astithas <past@ebs.gr>
Message-ID: <20041206154520.GA18843@misty.eyesbeyond.com>
References: <20041124161926.GB10910@misty.eyesbeyond.com>
	<41B4181E.10704@ebs.gr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <41B4181E.10704@ebs.gr>
User-Agent: Mutt/1.4.2.1i
cc: freebsd-java@freebsd.org
Subject: Re: [glewis@freebsd.org: cvs commit: ports/java/jdk14 Makefile]
X-BeenThere: freebsd-java@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Porting Java to FreeBSD <freebsd-java.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-java>,
	<mailto:freebsd-java-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-java>
List-Post: <mailto:freebsd-java@freebsd.org>
List-Help: <mailto:freebsd-java-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-java>,
	<mailto:freebsd-java-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Dec 2004 15:45:34 -0000

On Mon, Dec 06, 2004 at 10:28:14AM +0200, Panagiotis Astithas wrote:
> There seems to be another vulnerability:
> 
> Java 1.4.2_05 also has a vulnerability in the serialization APIs (used 
> by RMI) that allows to overload a remote JVM [and drive uptime loads
> to the 100s].
> 
> http://www.securityfocus.com/archive/1/382309
> 
> I suppose we are vulnerable to that, too.

Yes, but I'm not as concerned about a DOS attack as I am about a
vulnerability which allows writing to your hard drive.

-- 
Greg Lewis                          Email   : glewis@eyesbeyond.com
Eyes Beyond                         Web     : http://www.eyesbeyond.com
Information Technology              FreeBSD : glewis@FreeBSD.org