james-server-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Danny Angus" <da...@apache.org>
Subject RE: Sendmail Buffer Overflow
Date Tue, 04 Mar 2003 22:54:31 GMT
> In general, how would buffer overflows impact James? Since it is 
> Java-based
> and internal string and character representation isn't as loose 
> as C/C++, I
> would expect that this type of error probably wouldn't be common.

Its difficult to see how any attack on James could lead to a root exploit when you consider
the added layer of abstraction and security provided by the java virtual machine. 
Most successful attacks on James would likely be DOS attacks and would lead to an exception
being propogated up to the JVM and james dying, or the consumption of available resources
until James hangs.
Thats not to say we're complacent, if anyone wants to demonstrate otherwise we'd certainly
take steps to protect James against workable exploits.

d.



---------------------------------------------------------------------
To unsubscribe, e-mail: james-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: james-user-help@jakarta.apache.org


Mime
View raw message