This just in: Netscape Vulnerability

David Lapointe dlapointe at mediaone.net
Thu Aug 10 23:00:51 EDT 2000


This came from the Mandrake security list.  I can't demonstrate the vulnerability though,
likely related to my firewall.  

Problem Description:

There exists a problem in all versions of Netscape with Java enabled.
Under certain conditions, Netscape can be turned into a server that
serves files on your local hard drive that Netscape has read access to
and remote people can access it by connecting their web client to port
8080 on your machine if they know the IP address.  For a demonstration
of this vulnerability visit http://www.brumleve.com/BrownOrifice/.
________________________________________________________________________

Linux-Mandrake recommends you disable Java to make Netscape invulnerable
to this exploit.  You can disable Java by hand in Edit -> Preferences ->
Advanced.  You can also remove the preferences.js file by using:

rm -f ~/.netscape/preferences.js
_

-- 
 .david
 David Lapointe
"Hokey religions and ancient weapons are no 
match for a good blaster at your side, kid,"
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).



More information about the Discuss mailing list