Bugtraq mailing list archives

Re: Netscape Communicator 4.5 can read local files


From: panther () DSIS NET (The Spirit of the Black Panther)
Date: Mon, 23 Nov 1998 20:49:37 +0000


Georgi Guninski wrote:

There is a bug in Netscape Communicator 4.5 for Windows 95 and 4.05 for
WinNT 4.0 (probably others) which allows reading files from the user's
computer. It is not necessary for the file name to be known, because
directories may be browsed. The contents of the file may be sent to an
arbitrary host. In order for this to work, you need both Java and
Javascript enabled. The bug may be exploited by email message.

Demonstration is available at:
http://www.geocities.com/ResearchTriangle/1711/b6.html

Workaround: Disable Javascript or Java.


I have just tested this bug in Netscape 4.5 on a RedHat Linux 5.1 machine,
Kernel 2.0.34, and with minor patching of the Java, it is also effective. I
was successful in retrieving ANY LOCAL FILE with the world-readable
attribute. This includes the /etc/passwd file! In Netscape,
Edit>Preferences>Advanced>Disable Javascript in Mail and News will block
this exploit, unless the person has access to your web server.


