Bugtraq mailing list archives

Netscape 4.x buffer overflow


From: mbreuer () SIAC COM (Michael Breuer)
Date: Fri, 15 Oct 1999 09:21:13 -0400


I have found a buffer overflow in Netscape Communicator probably affecting all versions. The problem occurs when Communicator attempts to validate any key where the key length is > 2k. I have tested this on 4.61 and 4.7, unix (Irix) and Windows. Netscape has been notified of the problem and expect a fix for 4.8.

As the problem manifests during the check of the key, any portion of the key chain which has a key > 2k triggers the problem. Thus, the potential for widespread DoS attacks via email. I suspect, but have not pursued, the possibility of exploiting the overflow to execute arbitrary code.

--
Michael Breuer
mbreuer () siac com


