Bugtraq mailing list archives
Re: Buffer Overflow still exists in Netscape <= 4.76
From: fish stiqz <fish () ANALOG ORG>
Date: Tue, 16 Jan 2001 14:40:03 -0500
Frank v Waveren <fvw () var cx> wrote:
> No dice, apart from a slight rendering bug if you go to the end of the
> password field, it doesn't appear to have any problems here.
>
> [/home/fvw] netscape -v
> Netscape Lite 4.76/U.S., 06-Oct-00; (c) 1995-2000 Netscape Communications Corp.
>
> [/home/fvw] rpm -qi netscape-navigator
> Name        : netscape-navigator          Relocations: /usr
> Version     : 4.76                        Vendor: Red Hat, Inc.
> Release     : 0.6.2                       Build Date: Mon Nov 13 18:47:54 2000
> Size        : 7690589                     License: Commercial
> Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
> Summary     : The Netscape Navigator Web browser.
The dice is rolling over here. This is the exact rpm from the redhat update
ftp site. The md5sum matches the one listed on their website (see below), and
it crashes with the pages I listed on the original post:

  -> http://fish.analog.org/~fish/crash_netscape2.html

$ cat /etc/redhat-release
Red Hat Linux release 6.2 (Zoot)

$ md5sum netscape-navigator-4.76-0.6.2.i386.rpm
670b08cbad1097f4ca923071c202b5dd  netscape-navigator-4.76-0.6.2.i386.rpm

- Same rpm listed at http://www.redhat.com/support/errata/RHSA-2000-109.html:
670b08cbad1097f4ca923071c202b5dd 6.2/i386/netscape-navigator-4.76-0.6.2.i386.rpm

$ rpm -qi netscape-navigator
Name        : netscape-navigator          Relocations: /usr
Version     : 4.76                        Vendor: Red Hat, Inc.
Release     : 0.6.2                       Build Date: Mon 13 Nov 2000 12:47:54 PM EST
Install date: Tue 16 Jan 2001 01:45:38 PM EST   Build Host: porky.devel.redhat.com
Group       : Applications/Internet       Source RPM: netscape-4.76-0.6.2.src.rpm
Size        : 7690589                     License: Commercial
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : The Netscape Navigator Web browser.
Description :
Netscape Navigator is the industry-leading Web browser. It supports the
latest HTML standards, Java, JavaScript and some style sheets. Information
on the Netscape Navigator license may be found in the file
/usr/doc/netscape-common-%{version}/LICENSE.

This will install the basic Netscape Navigator Web browser. If you want
additional features, such as the Usenet news reader and HTML editor, you
should install the netscape-communicator package.

- This is the same version you are using! It definitely crashes for me
(see below).

$ rpm -qf /usr/lib/netscape/netscape-navigator
netscape-navigator-4.76-0.6.2

$ gdb /usr/lib/netscape/netscape-navigator
GNU gdb 19991004
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...
(no debugging symbols found)...
(gdb) set args http://fish.analog.org/~fish/crash_netscape2.html
(gdb) run
Starting program: /usr/lib/netscape/netscape-navigator http://fish.analog.org/~fish/crash_netscape2.html

Program received signal SIGSEGV, Segmentation fault.
0x4002c4d3 in XtCallCallbackList () from /usr/X11R6/lib/libXt.so.6
(gdb) info all-registers
eax            0x40063bc4       1074150340
ecx            0x41414141       1094795585
edx            0x186a0          100000
ebx            0x40065a2c       1074158124
esp            0xbfffdab4       -1073751372
ebp            0xbfffdac8       -1073751352
esi            0xbfffdb90       -1073751152
edi            0x41414145       1094795589
eip            0x4002c4d3       1073923283
eflags         0x10202          66050
<snip>

I have also gotten this to crash on the latest debian-unstable.

$ dpkg --print-avail netscape
Package: netscape
Priority: optional
Section: contrib/web
Installed-Size: 22
Maintainer: Ryan Murray <rmurray () debian org>
Architecture: i386
Source: netscape4.base
Version: 1:4.76-1
Depends: communicator | navigator

Exactly what did you do that it didn't segfault on you? In all my tests
Netscape has died either as soon as the page loads or as soon as you try to
go somewhere else (or reload).

--
+---------------------------------------------------------------------------+
| fish stiqz <fish () analog org>   <*)))-<   ** yum, yum, delicious **      |
+---------------------------------------------------------------------------+
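The register dump in the message above is the part worth reading closely: ecx holds 0x41414141 ("AAAA") and edi holds 0x41414145, exactly four bytes past the same fill pattern, which is what a pointer stepped over overwritten page data looks like at the moment XtCallCallbackList faults. The following triage helper is an added example, not code from the post or from any participant in the thread: it parses `info all-registers` output line by line and flags every register whose value is a repeated non-zero fill byte, or lies within a small slack of one, reporting which pattern it came from and the offset. The dump string embedded in the code is copied from the gdb session above; the 8-byte slack, the struct layout and all function names are this example's own choices.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Register-dump triage for a suspected buffer overflow.
 * Added example, not code from the post; SLACK and all names are assumptions. */

#define MAX_REGS 32
#define SLACK 8   /* how many bytes past a fill pattern still count as "derived from it" */

typedef struct {
    char name[16];
    uint32_t value;
    uint32_t fill_base;  /* fill pattern the value was derived from, e.g. 0x41414141 */
    uint32_t offset;     /* value - fill_base; 0 means the register is the pattern itself */
} hit_t;

/* True when all four bytes of v are the same non-zero byte, e.g. 0x41414141 ("AAAA").
 * Zero is excluded: a cleared register is not evidence of attacker control. */
int is_fill_pattern(uint32_t v) {
    uint32_t b = v & 0xffu;
    return v != 0 && v == (b | (b << 8) | (b << 16) | (b << 24));
}

/* True when v is a fill pattern or lies at most `slack` bytes past one
 * (0x41414145 is "AAAA" + 4). On success *base receives the pattern. */
int near_fill_pattern(uint32_t v, uint32_t slack, uint32_t *base) {
    for (uint32_t d = 0; d <= slack; d++) {
        if (is_fill_pattern(v - d)) {
            if (base) *base = v - d;
            return 1;
        }
    }
    return 0;
}

/* Scan gdb `info all-registers` text, one "<name> 0x<hex> <decimal>" per line.
 * Lines of any other shape ("(gdb) ...", "<snip>", blank) are skipped.
 * Returns the number of flagged registers written to hits[], in dump order. */
int find_controlled_registers(const char *dump, hit_t *hits, int max_hits) {
    int nhits = 0;
    const char *p = dump;
    while (*p && nhits < max_hits) {
        const char *nl = strchr(p, '\n');
        size_t flen = nl ? (size_t)(nl - p) : strlen(p);
        size_t clen = flen < 127 ? flen : 127;      /* copy at most 127 chars */
        char line[128];
        memcpy(line, p, clen);
        line[clen] = '\0';

        char name[16];
        unsigned long val;
        uint32_t base;
        if (sscanf(line, "%15s 0x%lx", name, &val) == 2 &&
            near_fill_pattern((uint32_t)val, SLACK, &base)) {
            strcpy(hits[nhits].name, name);
            hits[nhits].value = (uint32_t)val;
            hits[nhits].fill_base = base;
            hits[nhits].offset = (uint32_t)val - base;
            nhits++;
        }
        p = nl ? nl + 1 : p + flen;
    }
    return nhits;
}

/* Register dump copied from the gdb session in the post above. */
static const char *NETSCAPE_DUMP =
    "(gdb) info all-registers\n"
    "eax 0x40063bc4 1074150340\n"
    "ecx 0x41414141 1094795585\n"
    "edx 0x186a0 100000\n"
    "ebx 0x40065a2c 1074158124\n"
    "esp 0xbfffdab4 -1073751372\n"
    "ebp 0xbfffdac8 -1073751352\n"
    "esi 0xbfffdb90 -1073751152\n"
    "edi 0x41414145 1094795589\n"
    "eip 0x4002c4d3 1073923283\n"
    "eflags 0x10202 66050\n"
    "<snip>\n";

int main(void) {
    hit_t hits[MAX_REGS];
    int n = find_controlled_registers(NETSCAPE_DUMP, hits, MAX_REGS);
    for (int i = 0; i < n; i++)
        printf("%-6s = 0x%08lx  (fill 0x%08lx + %lu)\n", hits[i].name,
               (unsigned long)hits[i].value, (unsigned long)hits[i].fill_base,
               (unsigned long)hits[i].offset);
    return 0;
}
```

Run against the dump above it reports only ecx (offset 0) and edi (offset 4); eip is a real libXt text address, so control of the instruction pointer is not shown by this crash, and a practitioner would next look at what XtCallCallbackList dereferences through ecx/edi to judge whether the overwrite reaches a code pointer.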
Current thread:
- Buffer Overflow still exists in Netscape <= 4.76 fish stiqz (Jan 16)
- Re: Buffer Overflow still exists in Netscape <= 4.76 Szilveszter Adam (Jan 16)
- Re: Buffer Overflow still exists in Netscape <= 4.76 Frank v Waveren (Jan 16)
- Re: Buffer Overflow still exists in Netscape <= 4.76 fish stiqz (Jan 16)
- Re: Buffer Overflow still exists in Netscape <= 4.76 Arthur Clune (Jan 17)
- Re: Buffer Overflow still exists in Netscape <= 4.76 Henryk Plötz (Jan 23)
- Re: Buffer Overflow still exists in Netscape <= 4.76 fish stiqz (Jan 16)