[52962] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: Netscape 2.01 fixes server vulnerabilities by breaking the client...

daemon@ATHENA.MIT.EDU (Rich Graves)
Sat Mar 30 02:33:33 1996

Date: Fri, 29 Mar 1996 18:17:36 -0800 (PST)
From: Rich Graves <llurch@networking.stanford.edu>
To: Tom Weinstein <tomw@netscape.com>
Cc: Louis Freeh <cypherpunks@toad.com>
In-Reply-To: <315C8FCB.2781@netscape.com>

On Fri, 29 Mar 1996, Tom Weinstein wrote:

> It may be unpleasant, but it's a fact that there was a real security
> hole here.  There is a well known buffer overrun bug in finger that a
> lot of people inside firewalls haven't fixed.  Using gopher: URLs
> in IMG tags it was possible to do nasty things.  We tried to err on
> the side of permissivity, but finger was one port we just couldn't
> allow.  Yes, it sucks.  So does someone reaching through your firewall
> and running commands as root.

How about limiting URLs on non-blessed ports to, say, 64 alphanumeric
characters? I'm sure the documentation writers and technical support
folks would hate you, but it should address these concerns.

-rich


home help back first fref pref prev next nref lref last post