[16217] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: BrownOrifice can break firewalls!

daemon@ATHENA.MIT.EDU (TAKAGI, Hiromitsu)
Mon Aug 14 12:33:15 2000

MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-ID:  <39946319340.6D7ETAKAGI@java-house.etl.go.jp>
Date:         Sat, 12 Aug 2000 05:33:29 +0900
Reply-To: "TAKAGI, Hiromitsu" <takagi@ETL.GO.JP>
From: "TAKAGI, Hiromitsu" <takagi@ETL.GO.JP>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <08CC1787EEE6D311804A0008C72813EA235546@bfi0001.bfi.admin.ch>

On Thu, 10 Aug 2000 09:04:32 +0200
"Greulich, Andreas" <Andreas.Greulich@ISB.ADMIN.CH> wrote:
> I am quite surprised about the low echo the newest bug in Netscapes Java
> library (see http://www.brumleve.com/BrownOrifice/) receives. I am quite
> worried about it because I think its impact is much higher than the
> "WWW-server-applet" you find on above page.

This can be verified by trying the following refined proof of concept
Applet.
http://java-house.etl.go.jp/~takagi/java/test/Brumleve-BrownOrifice-modified-netscape.net.URLConnection/Test.html

I have confirmed that Mac OS version is also affected.


Regards,
--
Hiromitsu Takagi
Electrotechnical Laboratory
http://www.etl.go.jp/~takagi/

home	help	back	first	fref	pref	prev	next	nref	lref	last	post