Bugtraq mailing list archives
Re: Is _your_ Netscape under remote control
From: espel () clipper ens fr (Roger Espel Llima)
Date: Sat, 25 May 1996 02:11:47 +0200
[...] In short: Netscape can be remote controlled by all users who have access to someone's X Server.and if the browsing user has an open X display anyone can then log into their account. Obviously this would be worse if root was running Netscape. This could also be used to have an idle netscape visit various pages of dubious virtue and bookmark them all, then the prankster can stop by the victim and have a laugh at their expense...I don't see this as a security problem. If you have access to someone's X server, that someone's security can easily be compromised. It is possible to log all keys typed, generate fake keyboard and mouse input, close windows or just plain quit the X server.
Still, there is a significant gap between sniffing/denial of service and executing shell commands. From what I've seen, security-conscious X clients (such as xterm) have traditionally made sure they ignored syntetic keyboard events, and didn't provide any kind of shell-capable remote X interface. Although un-secured X servers are very much a bad idea, I consider it a security hole when an X client can be tricked into executing arbitrary commands via X. Netscape is a major offender with a documented, easy to use "remote" interface, but there are others. GNU Emacs (not XEmacs) will happily take syntetic (fake) events. Note that most versions of Netscape are broken in other ways too; JavaScript code can send email behind your back by filling a hidden form with action a "mailto:" and then form.submit()ting it, and several bugs have been found in Java's bytecode verifier (see the paper at http://www.cs.princeton.edu/sip/pub/secure96.html). -Roger -- e-mail: roger.espel.llima () ens fr WWW & PGP key: http://eleves.ens.fr:8080/home/espel/index.html
Current thread:
- Re: /dev/openprom problems - Solaris 1 or Solaris 2, (continued)
- Re: /dev/openprom problems - Solaris 1 or Solaris 2 Dan Stromberg (May 26)
- Is _your_ Netscape under remote control martinh () mailhost emap co uk (May 24)
- Re: Is _your_ Netscape under remote control Chris Burris (May 24)
- CIAC Bulletin G-25: SUN statd Program Vulnerability David Crawford (May 24)
- Re: Is _your_ Netscape under remote control Phillip Wherry (May 24)
- Re: Is _your_ Netscape under remote control Dave Taylor (May 23)
- Re: Is _your_ Netscape under remote control Darrell Fuhriman (May 24)
- Re: Is _your_ Netscape under remote control Dave Horsfall (May 25)
- Re: Is _your_ Netscape under remote control Wolfgang Ley (May 27)
- Re: Is _your_ Netscape under remote control Sven Neuhaus (May 24)
- Re: Is _your_ Netscape under remote control Roger Espel Llima (May 24)