[18655] in bugtraq
Re: Buffer Overflow still exists in Netscape <= 4.76
daemon@ATHENA.MIT.EDU (Frank v Waveren)
Tue Jan 16 19:29:25 2001
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id: <20010116185410.A4044@var.cx>
Date: Tue, 16 Jan 2001 18:54:10 +0100
Reply-To: Frank v Waveren <fvw@VAR.CX>
From: Frank v Waveren <fvw@VAR.CX>
X-To: fish stiqz <fish@ANALOG.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010116001943.A24465@analog.org>; from fish@ANALOG.ORG on Tue,
Jan 16, 2001 at 12:19:43AM -0500
On Tue, Jan 16, 2001 at 12:19:43AM -0500, fish stiqz wrote:
> All of the above advisories (and all that I've seen) state that netscape
> versions up to and including 4.75 are vulnerable, not 4.76. I have
> caused netscape 4.76 on both redhat 6.2 and slackware-current to segfault.
> Below is the proof of the pudding:
No dice, apart from a slight rendering bug if you go to the end of the
password field, it doesn't appear to have any problems here.
[/home/fvw] netscape -v
Netscape Lite 4.76/U.S., 06-Oct-00; (c) 1995-2000 Netscape Communications Corp.
[/home/fvw] rpm -qi netscape-navigator
Name : netscape-navigator Relocations: /usr
Version : 4.76 Vendor: Red Hat, Inc.
Release : 0.6.2 Build Date: Mon Nov 13 18:47:54 2000
Size : 7690589 License: Commercial
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary : The Netscape Navigator Web browser.
--
Frank v Waveren Fingerprint: 0EDB 8787
fvw@[var.cx|dse.nl|stack.nl|chello.nl] ICQ#10074100 09B9 6EF5 6425 B855
Public key: http://www.var.cx/pubkey/fvw@var.cx-gpg 7179 3036 E136 B85D
