[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Another Netscape Bug (and possible security hole)

To: [email protected]
Subject: Re: Another Netscape Bug (and possible security hole)
From: Ray Cromwell <[email protected]>
Date: Fri, 22 Sep 1995 13:13:49 -0400 (EDT)
Cc: [email protected], [email protected]
In-Reply-To: <[email protected]> from "Perry E. Metzger" at Sep 22, 95 08:36:01 am
Sender: [email protected]

Perry writes:
> > These buffer overflow bugs should be taught in every programming
> > 101 course along with fencepost errors.
> > 
> > I'm not even sure if I want to write the obligatory program to exploit
> > the hack given that some malicious jerk would probably use it
> > on his home page to attack people.
> 
> The problem is that if you don't produce a (benign) exploit people
> aren't going to take it seriously enough.

  Yeah, I guessed that. I'll work on it, I have a few doubts I have
to research first. For instance, how to embed code in the domain that
1) server/client processing won't "cook" and 2) contains no isolated
zero bytes which would null terminate the string.

  My current idea is to look in Netscape for an "exec" routine,
and call it passing a "/bin/csh" to it.

  Irregardless, it's a nasty bug given that you can crash anyone's
netscape. And on Mac/Win3.1, it may even require a reboot.

-Ray

Follow-Ups:
- Re: Another Netscape Bug (and possible security hole)
  - From: sameer <[email protected]>
- Re: Another Netscape Bug (and possible security hole)
  - From: Laurent Demailly <[email protected]>

References:
- Re: Another Netscape Bug (and possible security hole)
  - From: "Perry E. Metzger" <[email protected]>

Prev by Date: Re: Another Netscape Bug (and possible security hole)
Next by Date: Re: Another Netscape Bug (and possible security hole)
Prev by thread: Re: Another Netscape Bug (and possible security hole)
Next by thread: Re: Another Netscape Bug (and possible security hole)
Index(es):
- Date
- Thread