Subject: Re: MDKSA-2000:036 - netscape update
From: Kris Kennaway (kris@FREEBSD.ORG)
Date: Mon Aug 28 2000 - 10:54:26 CDT
- In reply to: Linux Mandrake Security Team: "MDKSA-2000:036 - netscape update"
- Reply: Kris Kennaway: "Re: MDKSA-2000:036 - netscape update"
On Mon, 21 Aug 2000, Linux Mandrake Security Team wrote:
> Problem Description:
>
> There exists a problem in all versions of Netscape from 4.0 to 4.74
> with Java enabled. Under certain conditions, Netscape can be turned
> into a server that serves files on your local hard drive that Netscape
> has read access to and remote people can access it by connecting their
> web client to port 8080 on your machine if they know the IP address.
> This vulnerability has been fixed in Netscape 4.75.

This is not the vulnerability at all, but a single instance of an exploit
for it.

IMO, this advisory is misleading since just blocking port 8080 does not
work around the problem.

Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe@alum.mit.edu>