[security] window of vulnerability

From: mei <mei@xxxxxx>
Date: Tue, 27 Feb 2007 22:23:08 +0100

Hello,
I heard several times people talking about a security issue known as window of vulnerability.
I am not sure to be capable of explaining it correctly, but it is more or less about having a concurrent thread accessing a code normally protected, that would trigger within a window of vulnerability eventually opened by the thread running the protection mechanism.
I would like to know if it is only a theoretical problem or if it can happen on real conditions? In my mind, I think that we should be able to enforce the executions in a particular order, and this depends on too many parameters to be controlled.
Mei.
.

Follow-Ups:
- Re: window of vulnerability
  - From: Daniel Pitts

Prev by Date: Re: System.arrayCopy Vs array clone
Next by Date: Do I need to keep all the Java updates?
Previous by thread: System.arrayCopy Vs array clone
Next by thread: Re: window of vulnerability
Index(es):
- Date
- Thread

Relevant Pages

Re: window of vulnerability
... that would trigger within a window of vulnerability ... have to be explicit by using some sort of synchronization. ... my question is more oriented toward a security issue. ...
(comp.lang.java.programmer)
Re: window of vulnerability
... I heard several times people talking about a security issue known as ... that would trigger within a window of vulnerability ... have to be explicit by using some sort of synchronization. ...
(comp.lang.java.programmer)
SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass
... Advisory ID: SYMSA-2007-002 ... vulnerability to retrieve information from a locked device. ... This will open the Find window on the bottom half of the screen. ... Symantec Vulnerability Research Advisory Archive: ...
(Bugtraq)
Re: window of vulnerability
... that would trigger within a window of vulnerability ... have to be explicit by using some sort of synchronization. ... I recently picked up a copy of "Java Concurrency in Practice" <http:// ...
(comp.lang.java.programmer)
[Full-disclosure] Computer Terrorism Security Advisory (Reclassification) - Microsoft Internet Explo
... Explorer JavaScript Window() DoS vulnerability, ... to an offset of which we have no control, ... clearly reflects the improbable scenario for remote code execution. ...
(Full-Disclosure)