Suggestion: Once you figure out how to exploit it for a particular platform write a cgi-script which checks the USER_AGENT (or whatever it is called) environment variable to make sure the netscape that has reached your exploit is the same platform as the exploit was written for.
Perry writes:
These buffer overflow bugs should be taught in every programming 101 course along with fencepost errors.
I'm not even sure if I want to write the obligatory program to exploit the hack given that some malicious jerk would probably use it on his home page to attack people.
The problem is that if you don't produce a (benign) exploit people aren't going to take it seriously enough.
Yeah, I guessed that. I'll work on it, I have a few doubts I have to research first. For instance, how to embed code in the domain that 1) server/client processing won't "cook" and 2) contains no isolated zero bytes which would null terminate the string.
My current idea is to look in Netscape for an "exec" routine, and call it passing a "/bin/csh" to it.
Irregardless, it's a nasty bug given that you can crash anyone's netscape. And on Mac/Win3.1, it may even require a reboot.
-Ray
-- sameer Voice: 510-601-9777 Community ConneXion FAX: 510-601-9734 An Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.org (or login as "guest") sameer@c2.org