Re: netscape security hole
A long time ago, in a galaxy far, far way, someone said...
> On NPR's Morning Edition they described a security hole in Netscape
> versions 4.73 and earlier that allows 'infection' by access to
> 'nasty' web sites. It is said to put your hard drive at risk some
> way.
>
> I assume this is a Windows problem, BUT does anybody know what this
> hole is and whether Linux is susceptible? (Probably only the user's
> files would be at risk at worst.)
Yes, Linux is vulnerable. The 'virus' in question is a Java applet what
exploits bugs in Netscape's Java implementation.
The 'virus' implements a web server on port 8080, giving anyone who
bothers to look ro access to all mounted file systems.
The solution:
* Stick yourself behind a firewall, preferably one that does NAT (aka IP
Masquerading).
- or -
* Don't use java on Netscape.
--
----------------------------------------------------------------------
Phil Brutsche pbrutsch@tux.creighton.edu
"There are two things that are infinite; Human stupidity and the
universe. And I'm not sure about the universe." - Albert Einstien
Reply to: