1996-04-24 - RISKS: Java security/privacy bug

Header Data

From: stevenw@best.com (Steven Weller)
To: cypherpunks@toad.com
Message Hash: 82ee8d0f85bc7ae1eb35921f7b0c34509d3e8a6af1e040dd194b928b1560260b
Message ID: <v01540b00ada322012ce5@[206.86.1.35]>
Reply To: N/A
UTC Datetime: 1996-04-24 05:48:07 UTC
Raw Date: Wed, 24 Apr 1996 13:48:07 +0800

Raw message

From: stevenw@best.com (Steven Weller)
Date: Wed, 24 Apr 1996 13:48:07 +0800
To: cypherpunks@toad.com
Subject: RISKS: Java security/privacy bug
Message-ID: <v01540b00ada322012ce5@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain



>From RISKS:

----------------------------------------------------------------------

Date: Mon, 22 Apr 96 17:37:54 +0200
From: goldstei@iamexwi.unibe.ch (TERMINATOR)
Subject: Java security/privacy bug

We have found a privacy/security bug in the Java implementation of the
Netscape Navigator. It is very easily possible for an applet to find out the
pathname of the directory in which the Netscape Navigator was started.  This
information could then be sent back to a CGI program for logging. Clearly
this information should not be available to an applet, as is indicated by
the fact that applets are prevented from reading the "user.home" and
"user.dir" system properties.

When the Netscape Navigator is run under the Windows 95 OS, the pathname
usually does not contain any critical information. However, when the
Navigator is run under a multi-user network OS, such as UNIX, the pathname
often contains the e-mail and/or login name of the user. In addition, the
pathname might reveal details about the topology of the user's network,
which an experienced hacker might be able to exploit.

There are two ways to protect yourself from this problem: Either start up
the Netscape Navigator in a directory whose pathname does not reveal any
critical information, or disable Java altogether (Options | Security
Preferences | General). A system administrator can protect his network by
configuring the HTTP proxy server not to retrieve Java ".class" files.

This bug is present in at least the following versions of the Navigator:

        2.0
        2.01
        3.0b2
        2.0GoldB1
        2.01Gold

and in the implementations for at least the following platforms:

        SunOS 4.1.2, 4.1.3, 4.1.4
        SunOS 5.3, 5.4, 5.5
        Windows 95, Windows NT
        IRIX 5.2, 5.3
        HP-UX A.0903, A.0905
        Linux 1.2.10, 1.2.13
        FreeBSD 2.1.0-RELEASE
        OSF1 V3.2

We have not tested whether this bug also exists in Sun's HotJava browser.

We will release full details of the bug as soon as Sun and Netscape have
issued patches which fix the problem.

Full details have been sent to Sun and Netscape. This announcements has also
been posted to the "comp.lang.java" newsgroup and has been sent to CERT.

Daniel Abplanalp and Stephan Goldstein (goldstei@iamexwi.unibe.ch)
Berne, Switzerland

------------------------------

-------------------------------------------------------------------------
Steven Weller                      |  Weller's three steps to Greatness:
                                   |     1. See what others cannot
                                   |     2. Think what others cannot
stevenw@best.com                   |     3. Express what others cannot







Thread