Bugtraq mailing list archives
Re: Netscape FastTrack httpd remote exploit
From: vision () WHITEHATS COM (Max Vision)
Date: Fri, 31 Dec 1999 11:51:44 -0800
Hi, This attack can now be detected by the following IDS signatures: http://dev.whitehats.com/cgi/test/new.pl/Show?_id=web-netscape-overflow-unixware http://dev.whitehats.com/cgi/test/new.pl/Show?_id=outgoing_xterm http://dev.whitehats.com/cgi/test/new.pl/Show?_id=nops-x86 These signatures are also available as part of http://dev.whitehats.com/ids/vision.conf Note that each record includes packet traces from usage of an actual exploit attempt. Max Vision http://whitehats.com/ <- free tools, forums, IDS database http://maxvision.net/ On Fri, 31 Dec 1999, Brock Tellier wrote:
OVERVIEW A vulnerability in Netscape FastTrack 2.01a will allow any remote user to execute commands as the user running the httpd daemon (probably nobody). This service is running by default on a standard UnixWare 7.1 installation. /** uwhelp.c - remote exploit for UnixWare's Netscape FastTrack ** 2.01a scohelp http service **
Current thread:
- Netscape FastTrack httpd remote exploit Brock Tellier (Dec 31)
- Re: Netscape FastTrack httpd remote exploit Max Vision (Dec 31)