[52962] in Cypherpunks
Re: Netscape 2.01 fixes server vulnerabilities by breaking the client...
daemon@ATHENA.MIT.EDU (Rich Graves)
Sat Mar 30 02:33:33 1996
Date: Fri, 29 Mar 1996 18:17:36 -0800 (PST)
From: Rich Graves <llurch@networking.stanford.edu>
To: Tom Weinstein <tomw@netscape.com>
Cc: Louis Freeh <cypherpunks@toad.com>
In-Reply-To: <315C8FCB.2781@netscape.com>
On Fri, 29 Mar 1996, Tom Weinstein wrote:
> It may be unpleasant, but it's a fact that there was a real security
> hole here. There is a well known buffer overrun bug in finger that a
> lot of people inside firewalls haven't fixed. Using gopher: URLs
> in IMG tags it was possible to do nasty things. We tried to err on
> the side of permissivity, but finger was one port we just couldn't
> allow. Yes, it sucks. So does someone reaching through your firewall
> and running commands as root.
How about limiting URLs on non-blessed ports to, say, 64 alphanumeric
characters? I'm sure the documentation writers and technical support
folks would hate you, but it should address these concerns.
-rich