1995-09-22 - Re: Another Netscape Bug (and possible security hole)

Header Data

From: goedel@tezcat.com (Dietrich J. Kappe)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Message Hash: 81f44f0eac41ab668aefa824cf09b0de8b175d4b00e7202fbb4fdaf90c0877af
Message ID: <v01510100ac8821ac2b23@[206.1.161.4]>
Reply To: N/A
UTC Datetime: 1995-09-22 07:24:28 UTC
Raw Date: Fri, 22 Sep 95 00:24:28 PDT

Raw message

From: goedel@tezcat.com (Dietrich J. Kappe)
Date: Fri, 22 Sep 95 00:24:28 PDT
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Re: Another Netscape Bug (and possible security hole)
Message-ID: <v01510100ac8821ac2b23@[206.1.161.4]>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>Ray Cromwell writes:
>> I've found a Netscape bug which I suspect is a buffer overflow and
>> may have the potential for serious damage. If it is an overflow bug,
>> then it may be possible to infect every computer which accesses a web
>> page with Netscape. To see the bug, create an html file containing
>> the following:
>
>Oh brother, this is unbelievable !
>
>I'm using Netscape 1.1N under SunOS 4.1.2.
>
>It turns out that the same (or a similar) flaw resides in the Open Location
>input routine -- perhaps this merely coincides with the code called when a
>URL is clicked. Anyway, pasting a URL with an overlong domain name a la Ray's
>example causes two things:
>
>(1) Part of the Open Location window widget, below the entry box, gets
>overwritten onscreen with a portion of the entered URL.
>
>(2) Netscape crashes with a segmentation fault (no core dump that I can see).

Netscape 1.1N on a powermac crashes hard on that url. If anyone wants to try
it out, I've put up a simple page with the url at

http://www.redweb.com/experiment/bug.html

*warning* view the source before you click on strange links!!!

I don't do PPC assembler, so I can't tell you what happened.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBgAwUBMGJysHIf3YegbdiBAQF/RAJWNVXvLgyPEjVVoGUNoX/AqKlIiT5Axmek
+dCoGJy6CMcP7fq3rB+DAt+SziIaG2X+rUSLt8ih39TBjD1FLAKKsE/VhBHJrp+v
pSoO
=jfLP
-----END PGP SIGNATURE-----
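The bug class the thread suspects, as an added illustration that is not Netscape's code and makes no claim about where Netscape's actual fault lies: a URL host-extraction routine that copies the hostname into a fixed-size stack buffer with no bound, beside a bounds-checked version that rejects a host that would not fit (terminator included). HOST_MAX, the function names and the generated long-host URLs are assumptions for the example; the sample URL is the one from the message above.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Assumed fixed buffer size for the example; not Netscape's real layout. */
#define HOST_MAX 64

/* Pointer to the character after "://", or NULL if the URL has no scheme. */
static const char *host_start(const char *url) {
    const char *p = strstr(url, "://");
    return p ? p + 3 : NULL;
}

/* Length of the host component: up to the first '/' or ':' or end of string.
 * Returns 0 when there is no scheme separator. */
size_t host_len(const char *url) {
    const char *h = host_start(url);
    if (!h) return 0;
    return strcspn(h, "/:");
}

/* VULNERABLE pattern: copies the host into a fixed buffer with no bound.
 * A host longer than HOST_MAX-1 bytes writes past the end of 'out', which is
 * the kind of overwrite that corrupts neighbouring data and then faults.
 * Shown for contrast only; never call it with untrusted input. */
void extract_host_unsafe(const char *url, char out[HOST_MAX]) {
    const char *h = host_start(url);
    size_t i = 0;
    if (!h) { out[0] = '\0'; return; }
    while (h[i] != '\0' && h[i] != '/' && h[i] != ':') {
        out[i] = h[i];          /* no check against HOST_MAX */
        i++;
    }
    out[i] = '\0';
}

/* Hardened version: the caller passes the buffer size, and any host that
 * would not fit together with its NUL terminator is rejected up front.
 * Returns 0 on success, -1 for a missing scheme, -2 for an overlong host. */
int extract_host_safe(const char *url, char *out, size_t outsz) {
    const char *h = host_start(url);
    if (!h) return -1;
    size_t n = strcspn(h, "/:");
    if (n >= outsz) return -2;   /* n == outsz would leave no room for '\0' */
    memcpy(out, h, n);
    out[n] = '\0';
    return 0;
}

/* Builds a constructed URL "http://" + hostlen * 'a' + "/" and runs the safe
 * extractor on it into a HOST_MAX buffer. Returns the extractor's result,
 * or -3 if the scratch buffer is too small for the requested length. */
int check_host_of_len(size_t hostlen) {
    char url[HOST_MAX * 8];
    char out[HOST_MAX];
    if (hostlen + sizeof("http:///") > sizeof url) return -3;
    memcpy(url, "http://", 7);
    memset(url + 7, 'a', hostlen);
    url[7 + hostlen] = '/';
    url[8 + hostlen] = '\0';
    return extract_host_safe(url, out, sizeof out);
}

int main(void) {
    /* Constructed sample: the URL from the message, whose host fits easily. */
    const char *normal = "http://www.redweb.com/experiment/bug.html";
    char buf[HOST_MAX];

    extract_host_unsafe(normal, buf);   /* safe only because the host is short */
    printf("unsafe copy of short host: %s\n", buf);

    printf("safe, short host:   rc=%d host=%s\n",
           extract_host_safe(normal, buf, sizeof buf), buf);
    printf("safe, 63-byte host: rc=%d (fits, with terminator)\n",
           check_host_of_len(63));
    printf("safe, 64-byte host: rc=%d (rejected: no room for NUL)\n",
           check_host_of_len(64));
    printf("safe, 300-byte host: rc=%d (rejected)\n", check_host_of_len(300));
    return 0;
}
```

The boundary checks at 63 and 64 bytes are the point: the hardened routine compares the host length against the full buffer size before copying, so the off-by-one that the terminator introduces is handled rather than left to corrupt whatever sits after the buffer.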
