"Vladimir Z. Nuri" writes:
none of the articles mention that the cracker must have login access to the computer that the random numbers are generated on. is this true? does the code require knowledge of the PID etc. that can only be obtained by a login to the system that the netscape session is running on?
You can guess the PID without much trouble -- they are 15 bit numbers.
P.M. notes that anywhere there is a data-driven buffer overflow (which he suspects are all over netscape) he can get code to execute anything he wants. this reminds me of the Morris internet worm that ran exactly the same way.
That was one of the first wide exploits of the trick, yes.
my question: I have not seen the specifics of how this works. does this require specialized knowledge of the native machine language on the host machine?
Yes. However, its very straightforward to do. The recent syslog(3) problem was of this nature, by the way. Perry