[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Another Netscape Bug (and possible security hole)



	Suggestion: Once you figure out how to exploit it for a
particular platform write a cgi-script which checks the USER_AGENT (or
whatever it is called) environment variable to make sure the netscape
that has reached your exploit is the same platform as the exploit was
written for.

> 
> Perry writes:
> > > These buffer overflow bugs should be taught in every programming
> > > 101 course along with fencepost errors.
> > > 
> > > I'm not even sure if I want to write the obligatory program to exploit
> > > the hack given that some malicious jerk would probably use it
> > > on his home page to attack people.
> > 
> > The problem is that if you don't produce a (benign) exploit people
> > aren't going to take it seriously enough.
> 
>   Yeah, I guessed that. I'll work on it, I have a few doubts I have
> to research first. For instance, how to embed code in the domain that
> 1) server/client processing won't "cook" and 2) contains no isolated
> zero bytes which would null terminate the string.
> 
>   My current idea is to look in Netscape for an "exec" routine,
> and call it passing a "/bin/csh" to it.
> 
>   Irregardless, it's a nasty bug given that you can crash anyone's
> netscape. And on Mac/Win3.1, it may even require a reboot.
> 
> -Ray
>  
> 
>  
> 
>   
> 
> 
> 


-- 
sameer						Voice:   510-601-9777
Community ConneXion				FAX:	 510-601-9734
An Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org (or login as "guest")			[email protected]