Bugtraq mailing list archives
Re: Dangerous Java/Netscape Security Hole
From: "Michael H. Warfield" <mhw () WITTSEND COM>
Date: Mon, 7 Aug 2000 14:56:47 -0400
On Mon, Aug 07, 2000 at 07:40:30AM +0000, tkuiper () TOBIT COM wrote:
which versions are affected, even Netscape 6 PRE?
Netscape 6 pre1 has expired and Netscape 6 pre2 isn't officially released yet. Mozilla, from mozilla.org, appear to NOT be (at least not the latest from CVS, I don't know about M16 which is what Netscape 6 pre1 was based on). That may not be good news, though. Mozilla gets an error trying to download the class file saying "downloader plugin not found". Not sure what will happen when that gets fixed. It may end up being vulnerable after all.
Best Regards, Thomas
-------- Original Message -------- Subject: Dangerous Java/Netscape Security Hole (07-Aug-2000 9:35) From: dan=security () BRUMLEVE COM To: tkuiper () TOBIT COM Dear BugTraq, I've found some security holes in Java and Netscape that allow arbitrary network access and read-access for local files and directories. As a demonstration I've written Brown Orifice HTTPD, a web server and file sharing tool that runs in Netscape Communicator on all tested platforms. For more information, see: http://www.brumleve.com/BrownOrifice Thomas Kuiper | tkuiper () tobit com | www.tobit.com __ Core Development | ICQ #8345483 | /__/\ Tobit Software | PGP Key on Request | ask your server. \__\/ To: dan=security () BRUMLEVE COM BUGTRAQ () SECURITYFOCUS COM
-- Michael H. Warfield | (770) 985-6132 | mhw () WittsEnd com (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
Current thread:
- Dangerous Java/Netscape Security Hole Dan Brumleve (Aug 07)
- Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole) TAKAGI, Hiromitsu (Aug 08)
- Re: Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole) Michael H. Warfield (Aug 09)
- <Possible follow-ups>
- Re: Dangerous Java/Netscape Security Hole tkuiper (Aug 07)
- Re: Dangerous Java/Netscape Security Hole Michael H. Warfield (Aug 07)
- Re: Dangerous Java/Netscape Security Hole Art Savelev (Aug 08)
- Re: Dangerous Java/Netscape Security Hole Andrew L . Davis (Aug 08)
- Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole) TAKAGI, Hiromitsu (Aug 08)