In article <199509252300.QAA29812@infinity.c2.org>, sameer@c2.org (sameer) writes:

He's -asking- for an exploit. Tshirts to Ray and the person who does the exploit, if it gets written. Maybe I should just ring up 8lgm and have them do one.

...

On Mon, 25 Sep 1995, John Young wrote:

...

The Wall Street Journal, September 25, 1995, p. B12.

...

Marc Andreessen, vice president of technology at Netscape, said the company will issue fixes for the recent glitches later this week. He added that it's unclear whether anything other than temporarily crashing a user's computer could result trom the recent flaw.

Oh Marc, you didn't really want to say that, did you?

-Thomas

I asked Marc about this one, since it bothered me too. Apparently Jared asked Marc if he was aware of specific examples of how this bug might be exploited. Marc replied that we had not seen anything other than what was already posted on cypherpunks. Since the original article did not use quotes, I assume that what was written was a paraphrase, and as such it has been interpreted by the author. That said, we take this problem seriously, and have taken steps to fix it. The patch that will be released tomorrow will include fixes for this buffer overflow, and others that we found during a review of all of our code. I think it would be more constructive to pound on the new version than one that is known to be busted, and will be patched by tomorrow. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.