[12263] in bugtraq


Netscape 4.x buffer overflow

daemon@ATHENA.MIT.EDU (Michael Breuer)
Mon Oct 18 14:07:54 1999

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <38072A49.E13DE469@siac.com>
Date: Fri, 15 Oct 1999 09:21:13 -0400
Reply-To: Michael Breuer <mbreuer@SIAC.COM>
From: Michael Breuer <mbreuer@SIAC.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

I have found a buffer overflow in Netscape Communicator probably affecting all versions. The problem occurs when Communicator
attempts to validate any key where the key length is > 2k.  I have tested this on 4.61 and 4.7, unix (Irix) and Windows.  Netscape
has been notified of the problem and expect a fix for 4.8.

As the problem manifests during the check of the key, any portion of the key chain which has a key > 2k triggers the problem.  Thus,
the potential for widespread DoS attacks via email.  I suspect, but have not pursued, the possibility of exploiting the overflow to
execute arbitrary code.
--
Michael Breuer
mbreuer@siac.com
