Re: netscape security hole

To: David Teague <dbt@tinuviel.cs.wcu.edu>
Cc: debian-user@lists.debian.org
Subject: Re: netscape security hole
From: Phil Brutsche <pbrutsch@tux.creighton.edu>
Date: Tue, 8 Aug 2000 18:11:30 -0500 (CDT)
Message-id: <Pine.LNX.4.21.0008081808500.1527-100000@tux.creighton.edu>
In-reply-to: <Pine.LNX.4.21.0008081736260.3748-100000@tinuviel.cs.wcu.edu>

A long time ago, in a galaxy far, far way, someone said...

> On NPR's Morning Edition they described a security hole in Netscape
> versions 4.73 and earlier that allows 'infection' by access to
> 'nasty' web sites. It is said to put your hard drive at risk some
> way.
> 
> I assume this is a Windows problem, BUT does anybody know what this
> hole is and whether Linux is susceptible? (Probably only the user's
> files would be at risk at worst.)

Yes, Linux is vulnerable.  The 'virus' in question is a Java applet what
exploits bugs in Netscape's Java implementation.

The 'virus' implements a web server on port 8080, giving anyone who
bothers to look ro access to all mounted file systems.

The solution:
 * Stick yourself behind a firewall, preferably one that does NAT (aka IP
   Masquerading).
   - or -
 * Don't use java on Netscape.

-- 
----------------------------------------------------------------------
Phil Brutsche				    pbrutsch@tux.creighton.edu

"There are two things that are infinite; Human stupidity and the
universe. And I'm not sure about the universe." - Albert Einstien

Reply to:

Follow-Ups:
- Re: netscape security hole
  - From: Marko Cehaja <marko@perlbroker.2y.net>

References:
- netscape security hole
  - From: David Teague <dbt@tinuviel.cs.wcu.edu>

Prev by Date: Re: some questions
Next by Date: Re: netscape bookmarks in both win and linux
Previous by thread: netscape security hole
Next by thread: Re: netscape security hole
Index(es):
- Date
- Thread