Re: Dangerous Java/Netscape Security Hole

["Michael H. Warfield" <mhw () WITTSEND COM>]

On Mon, Aug 07, 2000 at 07:40:30AM +0000, tkuiper () TOBIT COM wrote:
> which versions are affected, even Netscape 6 PRE?

        Netscape 6 pre1 has expired and Netscape 6 pre2 isn't officially
released yet.  Mozilla, from mozilla.org, appear to NOT be (at least not
the latest from CVS, I don't know about M16 which is what Netscape 6 pre1
was based on).  That may not be good news, though.  Mozilla gets an error
trying to download the class file saying "downloader plugin not found".
Not sure what will happen when that gets fixed.  It may end up being
vulnerable after all.

> Best Regards,
> Thomas


> -------- Original Message --------
> Subject: Dangerous Java/Netscape Security Hole (07-Aug-2000 9:35)
> From:    dan=security () BRUMLEVE COM
> To:      tkuiper () TOBIT COM
>
> Dear BugTraq,
>
> I've found some security holes in Java and Netscape
> that allow arbitrary network access and read-access
> for local files and directories.  As a demonstration
> I've written Brown Orifice HTTPD, a web server and file
> sharing tool that runs in Netscape Communicator on all
> tested platforms.  For more information, see:
>
> http://www.brumleve.com/BrownOrifice
>
>
> Thomas Kuiper    | tkuiper () tobit com         | www.tobit.com     __
> Core Development | ICQ #8345483              |                  /__/\
> Tobit Software   | PGP Key on Request        | ask your server. \__\/
>
>
>
> To: dan=security () BRUMLEVE COM
>     BUGTRAQ () SECURITYFOCUS COM

--
 Michael H. Warfield    |  (770) 985-6132   |  mhw () WittsEnd com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!