This just in: Netscape Vulnerability
Tom Guilderson
twg3 at mediaone.net
Fri Aug 11 02:02:25 EDT 2000
I was able to verify this vulnerability. If you exit Netscape
completely it gets killed. Fortunately I am behind a firewall
preventing anyone outside getting in.
David Lapointe wrote:
>
> This came from the Mandrake security list. I can't demonstrate the vulnerability though,
> likely related to my firewall.
>
> Problem Description:
>
> There exists a problem in all versions of Netscape with Java enabled.
> Under certain conditions, Netscape can be turned into a server that
> serves files on your local hard drive that Netscape has read access to
> and remote people can access it by connecting their web client to port
> 8080 on your machine if they know the IP address. For a demonstration
> of this vulnerability visit http://www.brumleve.com/BrownOrifice/.
> ________________________________________________________________________
>
> Linux-Mandrake recommends you disable Java to make Netscape invulnerable
> to this exploit. You can disable Java by hand in Edit -> Preferences ->
> Advanced. You can also remove the preferences.js file by using:
>
> rm -f ~/.netscape/preferences.js
> _
>
> --
> .david
> David Lapointe
> "Hokey religions and ancient weapons are no
> match for a good blaster at your side, kid,"
> -
> Subcription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).
--
Tom Guilderson
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
More information about the Discuss
mailing list