1997-06-15 - Re: Impact of Netscape kernel hole

Header Data

From: geeman@best.com
To: Adam Shostack <jya@pipeline.com (John Young)
Message Hash: 2e6025a19f09e015124f52275c5d3fd8db6ef48858aeadb3ded31fac23a19485
Message ID: <3.0.32.19970614223746.006d3ea8@best.com>
Reply To: N/A
UTC Datetime: 1997-06-15 05:51:05 UTC
Raw Date: Sun, 15 Jun 1997 13:51:05 +0800

Raw message

From: geeman@best.com
Date: Sun, 15 Jun 1997 13:51:05 +0800
To: Adam Shostack <jya@pipeline.com (John Young)
Subject: Re: Impact of Netscape kernel hole
Message-ID: <3.0.32.19970614223746.006d3ea8@best.com>
MIME-Version: 1.0
Content-Type: text/plain



At 10:28 AM 6/14/97 -0400, Adam Shostack wrote:
>
>
>| >Tim's post (although refuted by Marc) raises some serious issues since I
>| >suspect that Joe Public has his secret key sitting in c:\pgp\secring.pgp
>
>	Are FAT file lists stored as files?

not exactly.  you cannot just open and read. you must jump hoops; but does
the nscp hole allow execution of arbitrary code?  that would be much worse
....

>
>	On a Unix box, /. refers to the file containing directory
>entries, the list of files in the directory.  If there is an analogous
>file on a dos box, you can explore.  

so, no: not unless you can write your own foreign code and run it on the
victim pc.


(Does the bug work on Unix?  I've
>heard it only works if java or livescript are turned on, so it hasn't
>worried me enough to investigate.)
>
>Adam
>
>
>
>-- 
>"It is seldom that liberty of any kind is lost all at once."
>					               -Hume
>
>
>
>






Thread