From: patrick@Verity.COM (Patrick Horgan)
Date: Fri, 22 Sep 95 09:14:15 PDT
To: rjc@clark.net
Subject: Re: Another Netscape Bug (and possible security hole)
Message-ID: <9509221610.AA19346@cantina.verity.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> [I hear Perry in the background groaning and muttering "I told you so"]
> These buffer overflow bugs should be taught in every programming
> 101 course along with fencepost errors.
> 
> I'm not even sure if I want to write the obligatory program to exploit
> the hack given that some malicious jerk would probably use it
> on his home page to attack people.
> 
You should consider that there are people with a lot of expertise that are
constantly on the lookout for things like this.  I would bet a nickel to
a donut that many people in the cracker community discovered this a long
time ago and that exploit code was written long ago.  How many people 
logged in as root use netscape?

If the source was available we'd have told them about this long ago.

Patrick
   _______________________________________________________________________
  /  These opinions are mine, and not Verity's (except by coincidence;).  \
 |                                                       (\                |
 |  Patrick J. Horgan         Verity Inc.                 \\    Have       |
 |  patrick@verity.com        1550 Plymouth Street         \\  _ Sword     | 
 |  Phone : (415)960-7600     Mountain View                 \\/    Will    | 
 |  FAX   : (415)960-7750     California 94303             _/\\     Travel | 
  \___________________________________________________________\)__________/