|
Bugtraq
mailing list archives
Re: Dangerous Java/Netscape Security Hole
From: Art Savelev <asavelev () ENI-NET NET>
Date: Mon, 7 Aug 2000 17:19:08 -0400
Doesn't work in Mozilla M16, kills Netscape 6 Preview 1 (which is M15
look at http://www.mozilla.org/projects/seamonkey/milestones/ ).
Works in 4.74 though. ;-)
Tested on W2K Pro, no SP1.
tkuiper () TOBIT COM wrote:
which versions are affected, even Netscape 6 PRE?
Best Regards,
Thomas
-------- Original Message --------
Subject: Dangerous Java/Netscape Security Hole (07-Aug-2000 9:35)
From: dan=security () BRUMLEVE COM
To: tkuiper () TOBIT COM
Dear BugTraq,
I've found some security holes in Java and Netscape
that allow arbitrary network access and read-access
for local files and directories. As a demonstration
I've written Brown Orifice HTTPD, a web server and file
sharing tool that runs in Netscape Communicator on all
tested platforms. For more information, see:
http://www.brumleve.com/BrownOrifice
Thomas Kuiper | tkuiper () tobit com | www.tobit.com __
Core Development | ICQ #8345483 | /__/\
Tobit Software | PGP Key on Request | ask your server. \__\/
To: dan=security () BRUMLEVE COM
BUGTRAQ () SECURITYFOCUS COM
--
Art Savelev
617-969-7777
http://www.eni-net.com
 By Date 
By Thread
Current thread:
- Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole), (continued)
|
Intro
