Bugtraq mailing list archives

Re: MDKSA-2000:036 - netscape update


From: Kris Kennaway <kris () FREEBSD ORG>
Date: Mon, 28 Aug 2000 08:54:26 -0700

On Mon, 21 Aug 2000, Linux Mandrake Security Team wrote:

> Problem Description:
>
>  There exists a problem in all versions of Netscape from 4.0 to 4.74
>  with Java enabled.  Under certain conditions, Netscape can be turned
>  into a server that serves files on your local hard drive that Netscape
>  has read access to and remote people can access it by connecting their
>  web client to port 8080 on your machine if they know the IP address.
>  This vulnerability has been fixed in Netscape 4.75.

This is not the vulnerability at all, but a single instance of an exploit
for it.

IMO, this advisory is misleading since just blocking port 8080 does not
work around the problem.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe () alum mit edu>

