Another Netscape Bug (and possible security hole)
Patrick Horgan
patrick at Verity.COM
Fri Sep 22 09:14:15 PDT 1995
>
> [I hear Perry in the background groaning and muttering "I told you so"]
> These buffer overflow bugs should be taught in every programming
> 101 course along with fencepost errors.
>
> I'm not even sure if I want to write the obligatory program to exploit
> the hack given that some malicious jerk would probably use it
> on his home page to attack people.
>
You should consider that there are people with a lot of expertise that are
constantly on the lookout for things like this. I would bet a nickel to
a donut that many people in the cracker community discovered this a long
time ago and that exploit code was written long ago. How many people
logged in as root use netscape?
If the source was available we'd have told them about this long ago.
Patrick
_______________________________________________________________________
/ These opinions are mine, and not Verity's (except by coincidence;). \
| (\ |
| Patrick J. Horgan Verity Inc. \\ Have |
| patrick at verity.com 1550 Plymouth Street \\ _ Sword |
| Phone : (415)960-7600 Mountain View \\/ Will |
| FAX : (415)960-7750 California 94303 _/\\ Travel |
\___________________________________________________________\)__________/
More information about the cypherpunks-legacy
mailing list