[16127] in bugtraq
Re: Dangerous Java/Netscape Security Hole
daemon@ATHENA.MIT.EDU (Art Savelev)
Tue Aug 8 03:14:29 2000
MIME-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Message-ID: <398F27CC.E8FA18E8@eni-net.net>
Date: Mon, 7 Aug 2000 17:19:08 -0400
Reply-To: Art Savelev <asavelev@ENI-NET.NET>
From: Art Savelev <asavelev@ENI-NET.NET>
X-To: tkuiper@TOBIT.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Doesn't work in Mozilla M16, kills Netscape 6 Preview 1 (which is M15
look at http://www.mozilla.org/projects/seamonkey/milestones/ ).
Works in 4.74 though. ;-)
Tested on W2K Pro, no SP1.
tkuiper@TOBIT.COM wrote:
> which versions are affected, even Netscape 6 PRE?
>
> Best Regards,
> Thomas
>
> -------- Original Message --------
> Subject: Dangerous Java/Netscape Security Hole (07-Aug-2000 9:35)
> From: dan=security@BRUMLEVE.COM
> To: tkuiper@TOBIT.COM
>
> Dear BugTraq,
>
> I've found some security holes in Java and Netscape
> that allow arbitrary network access and read-access
> for local files and directories. As a demonstration
> I've written Brown Orifice HTTPD, a web server and file
> sharing tool that runs in Netscape Communicator on all
> tested platforms. For more information, see:
>
> http://www.brumleve.com/BrownOrifice
>
> Thomas Kuiper | tkuiper@tobit.com | www.tobit.com __
> Core Development | ICQ #8345483 | /__/\
> Tobit Software | PGP Key on Request | ask your server. \__\/
>
> To: dan=security@BRUMLEVE.COM
> BUGTRAQ@SECURITYFOCUS.COM
--
Art Savelev
617-969-7777
http://www.eni-net.com
