1995-09-22 - Re: Another Netscape Bug (and possible security hole)

Header Data

From: sameer <sameer@c2.org>
To: rjc@clark.net (Ray Cromwell)
Message Hash: 35bdaf8dee5e39c2c403e23a278a529f4396d63a5ccc7c243b5748c6679cf7f0
Message ID: <199509221823.LAA19265@infinity.c2.org>
Reply To: <199509221713.NAA11980@clark.net>
UTC Datetime: 1995-09-22 18:28:44 UTC
Raw Date: Fri, 22 Sep 95 11:28:44 PDT

Raw message

From: sameer <sameer@c2.org>
Date: Fri, 22 Sep 95 11:28:44 PDT
To: rjc@clark.net (Ray Cromwell)
Subject: Re: Another Netscape Bug (and possible security hole)
In-Reply-To: <199509221713.NAA11980@clark.net>
Message-ID: <199509221823.LAA19265@infinity.c2.org>
MIME-Version: 1.0
Content-Type: text/plain


	Suggestion: Once you figure out how to exploit it for a
particular platform write a cgi-script which checks the USER_AGENT (or
whatever it is called) environment variable to make sure the netscape
that has reached your exploit is the same platform as the exploit was
written for.

> 
> Perry writes:
> > > These buffer overflow bugs should be taught in every programming
> > > 101 course along with fencepost errors.
> > > 
> > > I'm not even sure if I want to write the obligatory program to exploit
> > > the hack given that some malicious jerk would probably use it
> > > on his home page to attack people.
> > 
> > The problem is that if you don't produce a (benign) exploit people
> > aren't going to take it seriously enough.
> 
>   Yeah, I guessed that. I'll work on it, I have a few doubts I have
> to research first. For instance, how to embed code in the domain that
> 1) server/client processing won't "cook" and 2) contains no isolated
> zero bytes which would null terminate the string.
> 
>   My current idea is to look in Netscape for an "exec" routine,
> and call it passing a "/bin/csh" to it.
> 
>   Irregardless, it's a nasty bug given that you can crash anyone's
> netscape. And on Mac/Win3.1, it may even require a reboot.
> 
> -Ray
>  
> 
>  
> 
>   
> 
> 
> 


-- 
sameer						Voice:   510-601-9777
Community ConneXion				FAX:	 510-601-9734
An Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org (or login as "guest")			sameer@c2.org




Thread