[16389] in bugtraq
Re: BrownOrifice can break firewalls!
daemon@ATHENA.MIT.EDU (TAKAGI, Hiromitsu)
Fri Aug 25 15:01:24 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Message-Id: <20000824094211.36BF.TAKAGI@etl.go.jp>
Date: Thu, 24 Aug 2000 09:53:52 +0900
Reply-To: "TAKAGI, Hiromitsu" <takagi@ETL.GO.JP>
From: "TAKAGI, Hiromitsu" <takagi@ETL.GO.JP>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <39946319340.6D7ETAKAGI@java-house.etl.go.jp>
On Sat, 12 Aug 2000 05:33:29 +0900
"TAKAGI, Hiromitsu" <takagi@ETL.GO.JP> wrote:
> On Thu, 10 Aug 2000 09:04:32 +0200
> "Greulich, Andreas" <Andreas.Greulich@ISB.ADMIN.CH> wrote:
> > I am quite surprised about the low echo the newest bug in Netscapes Java
> > library (see http://www.brumleve.com/BrownOrifice/) receives. I am quite
> > worried about it because I think its impact is much higher than the
> > "WWW-server-applet" you find on above page.
>
> This can be verified by trying the following refined proof of concept
> Applet.
> http://java-house.etl.go.jp/~takagi/java/test/Brumleve-BrownOrifice-modified-netscape.net.URLConnection/Test.html
I have confirmed that "about:global" url also can be used to exploit.
This makes the problem more serious.
Regards,
--
Hiromitsu Takagi
Electrotechnical Laboratory
http://www.etl.go.jp/~takagi/
