OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Dangerous Java/Netscape Security Hole
From: Dan Brumleve (dan+securityBRUMLEVE.COM)
Date: Fri Aug 04 2000 - 21:04:29 CDT


Dear BugTraq,

I've found some security holes in Java and Netscape
that allow arbitrary network access and read-access
for local files and directories. As a demonstration
I've written Brown Orifice HTTPD, a web server and file
sharing tool that runs in Netscape Communicator on all
tested platforms. For more information, see:

http://www.brumleve.com/BrownOrifice

--
Dan Brumleve <dan+securitybrumleve.com>