[12190] in bugtraq
Re: Time to update those CGIs again
daemon@ATHENA.MIT.EDU (Sam Carter)
Sat Oct 9 14:26:04 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.10.9910081530040.10077-100000@ned.owlnet.rice.edu>
Date: Fri, 8 Oct 1999 15:41:42 -0500
Reply-To: Sam Carter <petrov@OWLNET.RICE.EDU>
From: Sam Carter <petrov@OWLNET.RICE.EDU>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <0920.991006@sandy.ru>
On Wed, 6 Oct 1999, 3APA3A wrote:
> - there is no such problem. Can you say the version of Netscape with
> this bug?
The default Netscape with RH5.2 (4.08), and glibc Netscape 4.61 for Linux
are both vulnerable. Netscape 4.04, 4.07, 4.51, and 4.6 under solaris are
all vulnerable. Netscape 3.03 under solaris is *not* vulnerable.
Here's the full version numbers of the vulnerable versions:
Linux (x86):
Netscape 4.08/Export, 02-Nov-98; (c) 1995-1998 Netscape Communications Corp.
Netscape 4.61/U.S., 27-May-99; (c) 1995-1998 Netscape Communications Corp.
Solaris (sparc):
Netscape 4.04/Export, 06-Nov-97; (c) 1995-1997 Netscape Communications Corp.
Netscape 4.07/U.S., 29-Sep-98; (c) 1995-1998 Netscape Communications Corp.
Netscape 4.51/U.S., 27-Feb-99; (c) 1995-1998 Netscape Communications Corp.
Netscape 4.6/Export, 04-May-99; (c) 1995-1998 Netscape Communications Corp.
And this one is not vulnerable:
Netscape 3.03/export, 28-Jul-97; (c) 1995,1996 Netscape Communications Corp.
It looks like they introduced a bug in their build tree for Unix in
version 4.x.
I also ran a few cursory tests with other characters with the high bit
set, and it appears that only the two (0x8b and 0x9b) mentioned earlier
provoke any odd behavior. I couldn't find a corresponding character that
mapped to &, the other metacharacter in HTML, but maybe I was looking in
the wrong place.
sam
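An added defender-side illustration, not part of the post above: it contrasts a CGI escaping routine that only touches ASCII metacharacters with one that also neutralizes the two bytes the post reports (0x8b and 0x9b). Mapping those bytes to `<` and `>` is an assumption drawn from the post calling `&` "the other metacharacter in HTML"; the post itself only names the bytes.

```python
import html

# Bytes the post reports as provoking odd behavior in Netscape 4.x Unix builds.
# ASSUMPTION: they are treated like '<' and '>' (the post names only the bytes).
SUSPECT_BYTES = {0x8B: "&lt;", 0x9B: "&gt;"}


def naive_escape(raw: bytes) -> str:
    """Typical CGI escaping: only & < > " are rewritten.

    High-bit bytes pass straight through, so 0x8b/0x9b reach the browser.
    """
    return html.escape(raw.decode("latin-1"), quote=True)


def hardened_escape(raw: bytes) -> str:
    """Escape ASCII metacharacters and also rewrite the suspect bytes to the
    entity of the character the affected browser confuses them with."""
    out = []
    for b in raw:
        if b in SUSPECT_BYTES:
            out.append(SUSPECT_BYTES[b])
        else:
            out.append(html.escape(chr(b), quote=True))
    return "".join(out)


def find_suspect_bytes(raw: bytes) -> list:
    """Return (offset, byte) pairs for logging or alerting on CGI input that
    carries the suspect bytes, instead of silently rewriting them."""
    return [(i, b) for i, b in enumerate(raw) if b in SUSPECT_BYTES]


# Constructed sample: a form value carrying tag delimiters as 0x8b/0x9b.
SAMPLE = b"name=\x8bb\x9bbold\x8b/b\x9b"

if __name__ == "__main__":
    print(repr(naive_escape(SAMPLE)))      # suspect bytes survive
    print(hardened_escape(SAMPLE))         # name=&lt;b&gt;bold&lt;/b&gt;
    print(find_suspect_bytes(SAMPLE))
```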