[8644] in bugtraq
Re: Netscape Communicator 4.5 can read local files
daemon@ATHENA.MIT.EDU (Trev)
Sat Nov 28 16:00:02 1998
Date: Fri, 27 Nov 1998 05:07:36 -0800
Reply-To: Trev <trev@KICS.BC.CA>
From: Trev <trev@KICS.BC.CA>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <365D3C17.1720DBC@tecmath.de>

After some 2,000 hits on my version of the "Guninski Exploit" in the last
couple of days, I have a pretty good idea of what's vulnerable and what's
not. If it worked, it would call a specific CGI automatically; however,
some people did try to call it manually.

It appears that the only version of Netscape 4.x that *ISN'T* vulnerable is
4.08 (both windoze and unix). It gives the "security.checkread" error.
All other versions faithfully reported back the file contents many times.

The funny thing about 4.08 is that it asks the web server for
"java/io.class", which doesn't exist. I don't know what the result would
be if such a thing did exist. Since it fails due to a security.checkread,
I doubt it would make much difference.

Trev