Re: netscape security hole
On 10-Aug-2000 Marko Cehaja wrote:
> Dear
>
> On Tue, Aug 08, 2000 at 05:44:45PM -0400, David Teague wrote:
>>
>> On NPR's Morning Edition they described a security hole in Netscape
>> versions 4.73 and earlier that allows 'infection' by access to
>> 'nasty' web sites. It is said to put your hard drive at risk some
>> way.
>>
>> I assume this is a Windows problem, BUT does anybody know what this
>> hole is and whether Linux is susceptible? (Probably only the user's
>> files would be at risk at worst.)
>>
>
> That is a hole in Netscape & SDK which it internally uses. What happens
> is simply that javascript executes (very fast and without notice) and
Javascript ??? It's a Java *applet* and it's available at
http://www.brumleve.com/BrownOrifice/
> it makes your Netscape a web-server. Your IP could be tracked down by
> the server where you got the javascript, and somebody else could browse
Since it's executed by a (perl) cgi script, your address can be taken easily from
the cgi environment.
> through your files, and take informations. However, the hole is in the
> Netscape, they can't browse directories which are disabled to be readable
> by "others".
On *nix of course it can only access files that you have access to.
> Files could be deleted or read, if one set it up in that javascript.
>
> That hole in Netscape is not the hole in Linux or in Debian OS, because
> there are also other ways to intrude into the system and see what is there.
>
> It is the responsibility of the system administrator to ensure what kind of
> software he installs and whether he can trust the company which made it.
>
> But anybody who has properly set up ipchains should be pretty much
> secure and immune to that. That java-web-server runs on some different port,
> so if you know which ports you allow access to and which services should
> run on those ports, even when you execute that javascript, nobody could
> access any of your files.
>
> The story is somewhere on /.
>
> Sincerely,
> Marko Cehaja
>
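Since the thread's point is that the applet opens a listening port on the victim's own machine, here is an added example (not code from the thread or from the applet's author) that shows how a Linux user could spot such a listener: it parses `/proc/net/tcp`-style rows and reports LISTEN sockets that are not on an allowlist of expected service ports. The sample rows are constructed; the port, uid and inode values in them are made up for the demonstration.

```python
import socket
import struct

LISTEN = 0x0A  # TCP state code used by the kernel in /proc/net/tcp

# Constructed sample in the /proc/net/tcp format: header plus three rows.
# Row 0 is a normal listener on port 22; row 1 is an unexpected listener on
# port 8080 (0x1F90) owned by uid 1000; row 2 is an established connection.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 67890 1 0000000000000000 100 0 0 10 0
   2: 0100007F:C3A8 0100007F:0016 01 00000000:00000000 00:00000000 00000000  1000        0 67891 1 0000000000000000 20 4 0 10 -1
"""


def parse_proc_net_tcp(text):
    """Yield (ip, port, state, uid, inode) for each socket row, skipping the header."""
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10:
            continue
        addr_hex, port_hex = fields[1].split(":")
        # The kernel prints the IPv4 address as a little-endian 32-bit hex value.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        yield ip, int(port_hex, 16), int(fields[3], 16), int(fields[7]), int(fields[9])


def unexpected_listeners(text, allowed_ports):
    """Return (ip, port, uid, inode) for LISTEN sockets whose port is not allowed."""
    found = []
    for ip, port, state, uid, inode in parse_proc_net_tcp(text):
        if state == LISTEN and port not in allowed_ports:
            found.append((ip, port, uid, inode))
    return found


if __name__ == "__main__":
    # On a real host, read open("/proc/net/tcp").read() instead of SAMPLE.
    for ip, port, uid, inode in unexpected_listeners(SAMPLE, {22}):
        print(f"unexpected listener {ip}:{port} owned by uid {uid} (socket inode {inode})")
```

The uid tells you which user's process owns the socket, which matches the observation above that on *nix the applet can only expose files that user can read; the inode can be matched against `/proc/*/fd` to find the owning process.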