NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2000-08

Subject: Re: Dangerous Java/Netscape Security Hole
From: Art Savelev (asavelevENI-NET.NET)
Date: Mon Aug 07 2000 - 16:19:08 CDT

Next message: debian-security-announceLISTS.DEBIAN.ORG: "[Security] ntop remote file exploitability"
Previous message: Michael H. Warfield: "Re: Dangerous Java/Netscape Security Hole"
In reply to: tkuiperTOBIT.COM: "Re: Dangerous Java/Netscape Security Hole"
Next in thread: Andrew L . Davis: "Re: Dangerous Java/Netscape Security Hole"
Next in thread: TAKAGI, Hiromitsu: "Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole)"
Reply: Art Savelev: "Re: Dangerous Java/Netscape Security Hole"
Reply: Andrew L . Davis: "Re: Dangerous Java/Netscape Security Hole"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Doesn't work in Mozilla M16, kills Netscape 6 Preview 1 (which is M15
look at http://www.mozilla.org/projects/seamonkey/milestones/ ).
Works in 4.74 though. ;-)

Tested on W2K Pro, no SP1.

tkuiperTOBIT.COM wrote:

> which versions are affected, even Netscape 6 PRE?
>
> Best Regards,
> Thomas
>
> -------- Original Message --------
> Subject: Dangerous Java/Netscape Security Hole (07-Aug-2000 9:35)
> From: dan=securityBRUMLEVE.COM
> To: tkuiperTOBIT.COM
>
> Dear BugTraq,
>
> I've found some security holes in Java and Netscape
> that allow arbitrary network access and read-access
> for local files and directories. As a demonstration
> I've written Brown Orifice HTTPD, a web server and file
> sharing tool that runs in Netscape Communicator on all
> tested platforms. For more information, see:
>
> http://www.brumleve.com/BrownOrifice
>
> Thomas Kuiper | tkuipertobit.com | www.tobit.com __
> Core Development | ICQ #8345483 | /__/\
> Tobit Software | PGP Key on Request | ask your server. \__\/
>
> To: dan=securityBRUMLEVE.COM
> BUGTRAQSECURITYFOCUS.COM

--
Art Savelev
617-969-7777
http://www.eni-net.com

Next message: debian-security-announceLISTS.DEBIAN.ORG: "[Security] ntop remote file exploitability"
Previous message: Michael H. Warfield: "Re: Dangerous Java/Netscape Security Hole"
In reply to: tkuiperTOBIT.COM: "Re: Dangerous Java/Netscape Security Hole"
Next in thread: Andrew L . Davis: "Re: Dangerous Java/Netscape Security Hole"
Next in thread: TAKAGI, Hiromitsu: "Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole)"
Reply: Art Savelev: "Re: Dangerous Java/Netscape Security Hole"
Reply: Andrew L . Davis: "Re: Dangerous Java/Netscape Security Hole"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]