[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Impact of Netscape kernel hole

To: Adam Shostack <[email protected]>, [email protected] (John Young)
Subject: Re: Impact of Netscape kernel hole
From: [email protected]
Date: Sat, 14 Jun 1997 22:40:53 -0700
Cc: [email protected], [email protected]
Sender: [email protected]


At 10:28 AM 6/14/97 -0400, Adam Shostack wrote:
>
>
>| >Tim's post (although refuted by Marc) raises some serious issues since I
>| >suspect that Joe Public has his secret key sitting in c:\pgp\secring.pgp
>
>	Are FAT file lists stored as files?

not exactly.  you cannot just open and read. you must jump hoops; but does
the nscp hole allow execution of arbitrary code?  that would be much worse
....

>
>	On a Unix box, /. refers to the file containing directory
>entries, the list of files in the directory.  If there is an analogous
>file on a dos box, you can explore.  

so, no: not unless you can write your own foreign code and run it on the
victim pc.


(Does the bug work on Unix?  I've
>heard it only works if java or livescript are turned on, so it hasn't
>worried me enough to investigate.)
>
>Adam
>
>
>
>-- 
>"It is seldom that liberty of any kind is lost all at once."
>					               -Hume
>
>
>
>

Prev by Date: Netscape Exploit
Next by Date: We need more surveillance--a morality play about terrorism
Prev by thread: Re: Impact of Netscape kernel hole
Next by thread: Re: Impact of Netscape kernel hole
Index(es):
- Date
- Thread