[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: netscape security hole

A long time ago, in a galaxy far, far way, someone said...

> On NPR's Morning Edition they described a security hole in Netscape
> versions 4.73 and earlier that allows 'infection' by access to
> 'nasty' web sites. It is said to put your hard drive at risk some
> way.
> I assume this is a Windows problem, BUT does anybody know what this
> hole is and whether Linux is susceptible? (Probably only the user's
> files would be at risk at worst.)

Yes, Linux is vulnerable.  The 'virus' in question is a Java applet what
exploits bugs in Netscape's Java implementation.

The 'virus' implements a web server on port 8080, giving anyone who
bothers to look ro access to all mounted file systems.

The solution:
 * Stick yourself behind a firewall, preferably one that does NAT (aka IP
   - or -
 * Don't use java on Netscape.

Phil Brutsche				    pbrutsch@tux.creighton.edu

"There are two things that are infinite; Human stupidity and the
universe. And I'm not sure about the universe." - Albert Einstien

Reply to: