Bugtraq mailing list archives
Ray Cromwell: YET ANOTHER BAD NETSCAPE HOLE!
From: perry () piermont com (Perry E. Metzger)
Date: Fri, 22 Sep 1995 08:46:24 -0400
Ray has been finding lots and lots of buffer overflow bugs in netscape -- http: url's with overlong domain parts fandango on stack, possibly permitting you to execute arbitrary code on people's machines. However, he just found this fun thing!

------- Forwarded Message

From: Ray Cromwell <rjc () clark net>
Message-Id: <199509220830.EAA13828 () clark net>
Subject: YET ANOTHER BAD NETSCAPE HOLE!
To: cypherpunks () toad com
Date: Fri, 22 Sep 1995 04:30:03 -0400 (EDT)

On the bright side, mailto: hyperlinks containing extra-long domain names seem to be handled comparatively safely in both Netscape and Mosaic. (Perhaps they just have longer buffers ? ;)

Good question. My guess is, Netscape doesn't do any processing on the mailto: hyperlink at all, but merely passes it to a real mail delivery agent like Sendmail (or it uses MAPI under Win'95). Which begs the question, if Netscape is executing an external delivery agent, there may be the possibility of sneaking an attack in there and getting the shell to execute something. Hmm, let me try something.

WOW!! Unbelievable! Stop the presses! I can't believe no one ever discovered this before! Try a page with the following URL

<a href="mailto:blah () foo com|xterm&"> test </a>

Muahaha! Yet another security hole! Clicking on this mailto brings up an xterm on my machine! Simply change the xterm& to "rm -rf /" and bingo! Sheesh. I better stop before I am on Netscape's most hated list.

- -Ray

------- End of Forwarded Message
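
Added example, not part of the original post and not Netscape's code: the shell hand-off the message guesses at, next to a hardened hand-off that validates the mailto: address and executes the delivery agent without a shell. The function names, the `mailer` path parameter, and the assumption that the delivery agent accepts "--" as an end-of-options marker are hypothetical.

```c
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Unsafe pattern the post guesses at (assumed, not Netscape's actual code):
 *     sprintf(cmd, "mail %s", addr); system(cmd);
 * system() runs /bin/sh -c, so |, &, ; and friends in addr are shell syntax. */

/* Allow-list check: exactly one '@', otherwise only letters, digits and
 * "._+-". Rejects shell metacharacters, whitespace, and a leading '-'
 * (which the mailer could parse as an option). */
int mailto_addr_ok(const char *addr)
{
    size_t n = strlen(addr);
    int at = 0;

    if (n == 0 || n > 254 || addr[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)addr[i];
        if (c == '@')
            at++;
        else if (!isalnum(c) && strchr("._+-", c) == NULL)
            return 0;
    }
    return at == 1 && addr[0] != '@' && addr[n - 1] != '@';
}

/* Hardened hand-off: no shell is involved and the address travels as a
 * single argv element. `mailer` is an absolute path chosen by the caller
 * (hypothetical). Returns the mailer's exit status, or -1 if refused. */
int send_via_mailer(const char *mailer, const char *addr)
{
    int status;
    pid_t pid;

    if (!mailto_addr_ok(addr))
        return -1;
    if ((pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)mailer, "--", (char *)addr, NULL };
        execv(mailer, argv);
        _exit(127);                 /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The allow-list is deliberately narrower than the full address grammar; the execv() call is what removes the shell from the path, and the check is a second layer in front of it.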