[2611] in bugtraq
Re: Is _your_ Netscape under remote control
daemon@ATHENA.MIT.EDU (Sven Neuhaus)
Fri May 24 19:06:18 1996
Date: Fri, 24 May 1996 21:59:45 +0200
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Sven Neuhaus <sven@fuzzy.do.eunet.de>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: Your message of "Fri, 24 May 1996 15:58:39 -0000."
<Pine.LNX.3.91.960524155022.23468C-100000@mailhost.emap.co.uk>
-----BEGIN PGP SIGNED MESSAGE-----
Content-Type: message/rfc822
X-Mailer: exmh version 1.6.7 05/05/96
From: sven@fuzzy.do.eunet.de (Sven Neuhaus)
To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
Subject: Re: Is _your_ Netscape under remote control
In-Reply-To: Your message of "Fri, 24 May 1996 15:58:39 -0000."
<Pine.LNX.3.91.960524155022.23468C-100000@mailhost.emap.co.uk>
X-Url: http://www.ping.de/~sven/
X-Face: %y@Pd*R`Agvcq1qsnLm3)-r`72:z2z&J3bS'!r6/G%,3ilsP</-UOX0MgsvC6hi/.Zo>[Ti
DQ)6F!iUOx9N-g&?-VGiYJlTBqKY6J#6;lO`dJH;4Eg\Graog[HXN!lul^n3#2HAK-vqTp9ftQvHQc
I@9{4@EPi9f8=!z%
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
[...]
In short: Netscape can be remote controlled by all users who have access to
someone's X Server.
> and if the browsing user has an open X display anyone can then log into
> their account. Obviously this would be worse if root was running
> Netscape. This could also be used to have an idle netscape visit various
> pages of dubious virtue and bookmark them all, then the prankster can
> stop by the victim and have a laugh at their expense...
I don't see this as a security problem. If you have access to someone's X
server, that someone's security can easily be compromised. It is possible to
log all keys typed, generate fake keyboard and mouse input, close windows or
just plain quit the X server.
- -Sven
- --
[..] testosterone is what supposedly transforms innocent choir-
boys into chest-thumping barbarians who wage war, monopolize
conversations and leave toilet seats up. [from: Playboy Nov/95]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: latin1
iQCVAwUBMaYVMHjfXfFhHz81AQGyXQP9H8TiWzKG9mGtbHSvjcV6EWaLRzc7iDOR
u4z8ljP5Dys3/4KL5owtnXuVNxA8lXtSBlAmT/+2I+JuskvqUP0R4k8UpvXMSYNQ
5fh7oB4HjQPZjRRkAEp+ORwg6SUpSyRodltZy0mS4ZEzO9cDHWC1XFA9haeovuap
HAkTxmIuaUs=
=X9Jl
-----END PGP SIGNATURE-----
