Bugtraq mailing list archives
Re: BrownOrifice can break firewalls!
From: "TAKAGI, Hiromitsu" <takagi () ETL GO JP>
Date: Thu, 24 Aug 2000 09:53:52 +0900
On Sat, 12 Aug 2000 05:33:29 +0900 "TAKAGI, Hiromitsu" <takagi () ETL GO JP> wrote:
On Thu, 10 Aug 2000 09:04:32 +0200 "Greulich, Andreas" <Andreas.Greulich () ISB ADMIN CH> wrote:I am quite surprised about the low echo the newest bug in Netscapes Java library (see http://www.brumleve.com/BrownOrifice/) receives. I am quite worried about it because I think its impact is much higher than the "WWW-server-applet" you find on above page.This can be verified by trying the following refined proof of concept Applet. http://java-house.etl.go.jp/~takagi/java/test/Brumleve-BrownOrifice-modified-netscape.net.URLConnection/Test.html
I have confirmed that "about:global" url also can be used to exploit. This makes the problem more serious. Regards, -- Hiromitsu Takagi Electrotechnical Laboratory http://www.etl.go.jp/~takagi/
Current thread:
- BrownOrifice can break firewalls! Greulich, Andreas (Aug 10)
- Re: BrownOrifice can break firewalls! TAKAGI, Hiromitsu (Aug 14)
- Re: BrownOrifice can break firewalls! Alexey Yarovinsky (Aug 17)
- JDK 1.1.x Listening Socket Vulnerability (was Re: BrownOrifice can break firewalls!) TAKAGI, Hiromitsu (Aug 18)
- Re: BrownOrifice can break firewalls! TAKAGI, Hiromitsu (Aug 25)
- Re: BrownOrifice can break firewalls! NOW MSIE Alexey Yarovinsky (Aug 21)
- Re: BrownOrifice can break firewalls! NOW MSIE TAKAGI, Hiromitsu (Aug 23)
- Re: BrownOrifice can break firewalls! TAKAGI, Hiromitsu (Aug 14)