Re: netscape bug
"Vladimir Z. Nuri" writes:
> none of the articles mention that the cracker must have login access
> to the computer that the random numbers are generated on. is this true?
> does the code require knowledge of the PID etc. that can only be obtained
> by a login to the system that the netscape session is running on?
You can guess the PID without much trouble -- they are 15-bit numbers.
> P.M. notes that anywhere there is a data-driven buffer overflow (which
> he suspects are all over netscape) he can get code to execute anything
> he wants. this reminds me of the
> Morris internet worm that ran exactly the same way.
That was one of the first wide exploits of the trick, yes.
> my question: I have not seen the specifics of how this works. does
> this require specialized knowledge of the native machine language on the
> host machine?
Yes. However, it's very straightforward to do.
The recent syslog(3) problem was of this nature, by the way.
Perry
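Added illustration, not part of Perry's message and not Netscape's seeding code (the thread does not reproduce it): a toy model of why a 15-bit PID is no secret. The seed mixing (MD5 over a timestamp and a PID), the derived "session key", the fixed timestamp and the secret PID are all constructed assumptions; the attacker is assumed to know the wall-clock time only to within a few seconds, so the search runs over that window times all 32768 PIDs, with no login to the victim host needed.

```python
import hashlib
from typing import Optional, Tuple

PID_BITS = 15
PID_SPACE = 1 << PID_BITS  # 32768 candidate PIDs, as the post notes


def toy_seed(pid: int, timestamp: int) -> bytes:
    """Constructed stand-in for a seed whose only unknown part is a PID.
    Assumption for illustration only; this is NOT Netscape's algorithm."""
    return hashlib.md5(f"{timestamp}:{pid}".encode()).digest()


def toy_session_key(seed: bytes) -> bytes:
    """Constructed key derivation. The attacker is assumed to observe this
    value (or something derived from it, e.g. by a verifiable decryption)."""
    return hashlib.md5(b"session-key" + seed).digest()


def recover_seed_inputs(observed_key: bytes, approx_time: int,
                        window: int) -> Tuple[Optional[Tuple[int, int]], int]:
    """Brute-force every (timestamp, pid) pair: timestamps within +/- window
    seconds of the attacker's guess, PIDs over the full 15-bit space.
    Returns ((pid, timestamp), candidates_tried) or (None, candidates_tried)."""
    tried = 0
    for ts in range(approx_time - window, approx_time + window + 1):
        for pid in range(PID_SPACE):
            tried += 1
            if toy_session_key(toy_seed(pid, ts)) == observed_key:
                return (pid, ts), tried
    return None, tried


def demo() -> Tuple[Tuple[int, int], Optional[Tuple[int, int]], int]:
    """Victim picks a secret PID and time; attacker recovers both from the key."""
    secret_pid = 0x5A3C            # constructed: an ordinary 15-bit PID
    secret_time = 811814400        # constructed: some fixed epoch seconds
    observed = toy_session_key(toy_seed(secret_pid, secret_time))

    # Attacker's clock is assumed off by at most 2 seconds.
    attacker_guess = secret_time + 1
    recovered, tried = recover_seed_inputs(observed, attacker_guess, window=2)
    return (secret_pid, secret_time), recovered, tried


if __name__ == "__main__":
    secret, recovered, tried = demo()
    print(f"secret={secret} recovered={recovered} after {tried} candidates "
          f"(worst case {5 * PID_SPACE})")
```

Even with a five-second time window the whole search is 5 x 32768 = 163840 candidates, seconds of work on a workstation of the era; this is the sense in which the PID "can be guessed without much trouble".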