Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
MichaelGG
on Jan 27, 2015
|
parent
|
context
|
favorite
| on:
CVE-2015-0235 – GHOST: glibc gethostbyname buffer ...
Care to point out all the RCEs that exist in the millions of lines of C# and Java out there? Apart from exec/eval I don't recall seeing a single one (I'm sure there's a few where they interop or use unsafe code.)
kevinr
on Jan 27, 2015
[–]
http://www.cvedetails.com/vulnerability-list/vendor_id-45/pr...
That's 12 just in one of the more popular Java web frameworks.
RCE is possible in
any
language.
MichaelGG
on Jan 27, 2015
|
parent
[–]
Those appear to be all exec/eval type bugs. Yes, if you do "eval($querystring)" you've got a problem in any language, including C.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
