Impact of Netscape kernel hole
geeman at best.com
geeman at best.com
Sat Jun 14 22:51:05 PDT 1997
At 10:28 AM 6/14/97 -0400, Adam Shostack wrote:
>
>
>| >Tim's post (although refuted by Marc) raises some serious issues since I
>| >suspect that Joe Public has his secret key sitting in c:\pgp\secring.pgp
>
> Are FAT file lists stored as files?
not exactly. you cannot just open and read. you must jump hoops; but does
the nscp hole allow execution of arbitrary code? that would be much worse
....
>
> On a Unix box, /. refers to the file containing directory
>entries, the list of files in the directory. If there is an analogous
>file on a dos box, you can explore.
so, no: not unless you can write your own foreign code and run it on the
victim pc.
(Does the bug work on Unix? I've
>heard it only works if java or livescript are turned on, so it hasn't
>worried me enough to investigate.)
>
>Adam
>
>
>
>--
>"It is seldom that liberty of any kind is lost all at once."
> -Hume
>
>
>
>
More information about the cypherpunks-legacy
mailing list