OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Dangerous Java/Netscape Security Hole
From: Michael H. Warfield (mhwWITTSEND.COM)
Date: Mon Aug 07 2000 - 13:56:47 CDT

On Mon, Aug 07, 2000 at 07:40:30AM +0000, tkuiperTOBIT.COM wrote:
> which versions are affected, even Netscape 6 PRE?

        Netscape 6 pre1 has expired and Netscape 6 pre2 isn't officially
released yet. Mozilla, from mozilla.org, appear to NOT be (at least not
the latest from CVS, I don't know about M16 which is what Netscape 6 pre1
was based on). That may not be good news, though. Mozilla gets an error
trying to download the class file saying "downloader plugin not found".
Not sure what will happen when that gets fixed. It may end up being
vulnerable after all.

> Best Regards,
> Thomas

> -------- Original Message --------
> Subject: Dangerous Java/Netscape Security Hole (07-Aug-2000 9:35)
> From: dan=securityBRUMLEVE.COM
> To: tkuiperTOBIT.COM
>
> Dear BugTraq,
>
> I've found some security holes in Java and Netscape
> that allow arbitrary network access and read-access
> for local files and directories. As a demonstration
> I've written Brown Orifice HTTPD, a web server and file
> sharing tool that runs in Netscape Communicator on all
> tested platforms. For more information, see:
>
> http://www.brumleve.com/BrownOrifice
>
>
> Thomas Kuiper | tkuipertobit.com | www.tobit.com __
> Core Development | ICQ #8345483 | /__/\
> Tobit Software | PGP Key on Request | ask your server. \__\/
>
>
>
> To: dan=securityBRUMLEVE.COM
> BUGTRAQSECURITYFOCUS.COM 

--
 Michael H. Warfield    |  (770) 985-6132   |  mhwWittsEnd.com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!