Another Netscape Bug (and possible security hole)
sameer
sameer at c2.org
Fri Sep 22 11:28:44 PDT 1995
Suggestion: Once you figure out how to exploit it for a
particular platform write a cgi-script which checks the USER_AGENT (or
whatever it is called) environment variable to make sure the netscape
that has reached your exploit is the same platform as the exploit was
written for.
>
> Perry writes:
> > > These buffer overflow bugs should be taught in every programming
> > > 101 course along with fencepost errors.
> > >
> > > I'm not even sure if I want to write the obligatory program to exploit
> > > the hack given that some malicious jerk would probably use it
> > > on his home page to attack people.
> >
> > The problem is that if you don't produce a (benign) exploit people
> > aren't going to take it seriously enough.
>
> Yeah, I guessed that. I'll work on it, I have a few doubts I have
> to research first. For instance, how to embed code in the domain that
> 1) server/client processing won't "cook" and 2) contains no isolated
> zero bytes which would null terminate the string.
>
> My current idea is to look in Netscape for an "exec" routine,
> and call it passing a "/bin/csh" to it.
>
> Irregardless, it's a nasty bug given that you can crash anyone's
> netscape. And on Mac/Win3.1, it may even require a reboot.
>
> -Ray
>
>
>
>
>
>
>
>
--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
An Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") sameer at c2.org
More information about the cypherpunks-legacy
mailing list