1996-03-30 - Re: Netscape 2.01 fixes server vulnerabilities by breaking the client…

Header Data

From: Tom Weinstein <tomw@netscape.com>
To: Rich Graves <llurch@networking.stanford.edu>
Message Hash: 0dc88e29c6dcfc45431e66af862a36ad21169a3aa3916a9974dc0305392ae8ec
Message ID: <315C8FCB.2781@netscape.com>
Reply To: <Pine.SUN.3.92.960329011606.6636A-100000@elaine19.Stanford.EDU>
UTC Datetime: 1996-03-30 11:08:01 UTC
Raw Date: Sat, 30 Mar 1996 19:08:01 +0800

Raw message

From: Tom Weinstein <tomw@netscape.com>
Date: Sat, 30 Mar 1996 19:08:01 +0800
To: Rich Graves <llurch@networking.stanford.edu>
Subject: Re: Netscape 2.01 fixes server vulnerabilities by breaking the client...
In-Reply-To: <Pine.SUN.3.92.960329011606.6636A-100000@elaine19.Stanford.EDU>
Message-ID: <315C8FCB.2781@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves wrote:
> 
> Now I suppose they'll want me to fix all the pages where I do a finger
> with a gopher://host:79/0user Any chance this nonfix can be unfixed?
> 
> This nonfix was applied to the UNIX and Win32 versions; I haven't
> checked the other platforms.

It may be unpleasant, but it's a fact that there was a real security
hole here.  There is a well-known buffer overrun bug in finger that a
lot of people inside firewalls haven't fixed.  Using gopher: URLs
in IMG tags it was possible to do nasty things.  We tried to err on
the side of permissivity, but finger was one port we just couldn't
allow.  Yes, it sucks.  So does someone reaching through your firewall
and running commands as root.

-- 
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything.  --  Washington DC motto          | tomw@netscape.com
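
The port restriction described in the reply above, sketched as an added example (not part of the original message and not Netscape's code). Only port 79 (finger) comes from the message; the function names, the default-port table and the sample host names are assumptions for illustration.

```javascript
// Added example, not Netscape's code: flag <img> URLs whose effective TCP port is
// restricted. Port 79 (finger) is the one port named in the
// message; the rest of this block is an assumption for illustration.
const RESTRICTED_PORTS = new Map([[79, "finger"]]);
const DEFAULT_PORTS = { "http:": 80, "https:": 443, "ftp:": 21, "gopher:": 70 };

// Port the client would actually connect to, or null for non-network schemes.
function effectivePort(url) {
  if (url.port !== "") return Number(url.port); // explicit; parser normalizes "079" to "79"
  return DEFAULT_PORTS[url.protocol] ?? null;   // implicit scheme default
}

// Policy decision for one URL, resolved against the page's base URL.
function checkUrl(raw, base) {
  let url;
  try {
    url = new URL(raw.trim(), base);
  } catch {
    return { raw, allow: false, reason: "unparseable URL" };
  }
  const port = effectivePort(url);
  const service = RESTRICTED_PORTS.get(port);
  if (service) return { raw, allow: false, reason: `port ${port} (${service}) is restricted` };
  return { raw, allow: true, reason: "ok" };
}

// Pull src attributes out of <img> tags (simple regex scan, enough for a demo).
function imgSources(html) {
  const re = /<img\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  return [...html.matchAll(re)].map((m) => m[1] ?? m[2] ?? m[3]);
}

// Decisions for every image a page would cause the client to fetch.
function auditPage(html, base) {
  return imgSources(html).map((src) => checkUrl(src, base));
}

// Constructed sample page; host names are placeholders.
const SAMPLE = `
<img src="logo.gif">
<IMG SRC="gopher://host:79/0user">
<img alt=x src='GOPHER://intranet.example:079/0'>
<img src=gopher://gopher.example/1/docs>
<img src="http://www.example:79/a.gif">`;

const blocked = auditPage(SAMPLE, "http://www.example/index.html")
  .filter((d) => !d.allow);
console.log(blocked);
```

The check keys on the port rather than the scheme, so the http: URL to port 79 is refused along with the gopher: ones, while gopher on its default port 70 still loads.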




