Bugtraq mailing list archives
Re: Netscape 4 DoS/Possibly exploitable buffer overflow. (fwd)
From: btirg () UI UIS DOLETA GOV (Roland Grefer)
Date: Thu, 19 Feb 1998 12:56:53 -0500
Here we go again ... Roland Date: Wed, 18 Feb 1998 15:57:37 -0500 (EST) From: Roland Grefer <btirg () uis doleta gov> To: bugtraq () netspace org Subject: Re: Netscape 4 DoS/Possibly exploitable buffer overflow. Netscape 4.04 on NT 4.0 with SP3 has a buffer overflow in bookmarks, too. Tests with strings up to 3976 bytes did not cause any problems; strings of 3977 bytes length and above crashed netscape while it was loading the bookmark file. The "Dr. Watson" log file did not reveal any obvious indications. Test entry in bookmark.htm (all in one line): <DT><A HREF="http://www.test.org/" ADD_DATE="886800988" LAST_VISIT="886801023" LAST_MODIFIED="886800975">String_of_3977_byte_length</A> Any insights regarding this length (buffer size) are welcome. The total line length including the 4 leading blanks is 4090 bytes. I would have expected a somewhat more "standard" buffer size of a multiple of 1024 (in this case: 4096) to be the limit/problem. I have not reported this issue to Netscape. I did not find any reference to this issue in the FAQs and bug reports at Netscape's web site. Regards, Roland On Mon, 12 Jan 1998, Laslo Orto wrote:
Netscape (version verified is 4.03) has a buffer overflow bug in their bookmarks code. When somebody goes to a web page with a very long title (6-8k) and then s/he bookmarks the page, netscape will start crashing at loading bookmark.htm on startup. It's similar to the IE4 bug discovered not long ago, but here you have to get the victim to bookmark the attackers page. Laslo Orto Computer Pages / Better.Net Systems Administrator 253 Sheppard Ave. West laslo () cpol com / laslo () Better net Toronto, Canada M2N 1N2 www.cpol.com / www.better.net Ph: +1 416 225 3030 Fax: +1 416 225 6737
-- - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - Roland Grefer | Department of Labor | Ph: +1-202-219-8432x329 Senior Systems Analyst | Nat'l Office ETA/UIS/DIT | Fx: +1-202-219-8506 -=|=- -=|=- -=|=- -=|=-| 200 Constitution Ave, NW | -=|=- -=|=- -=|=- -=|=- Base Technologies, Inc | Washington, DC 20210 | btirg () uis doleta gov - - - - - - - - - - - - - - Speaking for myself - + - - - - - - - - - - - -
Current thread:
- Re: Netscape 4 DoS/Possibly exploitable buffer overflow. (fwd) Roland Grefer (Feb 19)
- atx motherboard powerbug (fwd) Andrea Arcangeli (Feb 19)
- Re: Netscape 4 DoS/Possibly exploitable buffer overflow. SubLett (Feb 19)