[8640] in bugtraq


Re: Netscape Communicator 4.5 can read local files

daemon@ATHENA.MIT.EDU (Sven Carstens)
Wed Nov 25 19:57:25 1998

Date: 	Wed, 25 Nov 1998 21:58:46 +0100
Reply-To: sven@MSC-MEDIA.DE
From: Sven Carstens <sven@MSC-MEDIA.DE>
To: BUGTRAQ@NETSPACE.ORG

>I have just tested this bug in Netscape 4.5 on a RedHat Linux 5.1 machine,
>Kernel 2.0.34 and with minor patching of the java, it is also effective.  I
>was successful in retrieving ANY LOCAL FILE with the World readable
>attribute. This includes the /etc/passwd file!  In netscape,
>Edit>Preferences>Advanced>Disable Javascript in Mail and News will block
>this exploit, unless the person has access to your web server.

I tried it with Kernel 2.0.35 and Netscape 4.08.
java40.jar is 1886016 bytes Okt 13 19:14

All I get is this message:

JavaScript Error: uncaught Java exception
netscape/security/AppletSecurityException
("security.checkread: Read of '/tmp/test'
not permitted")
