Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Netscape FastTrack httpd remote exploit
From: vision () WHITEHATS COM (Max Vision)
Date: Fri, 31 Dec 1999 11:51:44 -0800


Hi,

This attack can now be detected by the following IDS signatures:

http://dev.whitehats.com/cgi/test/new.pl/Show?_id=web-netscape-overflow-unixware
http://dev.whitehats.com/cgi/test/new.pl/Show?_id=outgoing_xterm
http://dev.whitehats.com/cgi/test/new.pl/Show?_id=nops-x86

These signatures are also available as part of
http://dev.whitehats.com/ids/vision.conf

Note that each record includes packet traces from usage of an actual
exploit attempt.

Max Vision
http://whitehats.com/   <- free tools, forums, IDS database
http://maxvision.net/

On Fri, 31 Dec 1999, Brock Tellier wrote:
OVERVIEW
A vulnerability in Netscape FastTrack 2.01a will allow any remote user to
execute commands as the user running the httpd daemon (probably nobody).  This
service is running by default on a standard UnixWare 7.1 installation.

/** uwhelp.c - remote exploit for UnixWare's Netscape FastTrack
 **            2.01a scohelp http service
 **


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]