[2639] in bugtraq
Re: Is _your_ Netscape under remote control
daemon@ATHENA.MIT.EDU (Wolfgang Ley)
Mon May 27 11:34:48 1996
Date: Mon, 27 May 1996 15:20:12 +0200
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Wolfgang Ley <ley@cert.dfn.de>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.SOL.3.91.960525191017.11863A-100000@fgh> from "Dave
Horsfall" at May 25, 96 07:11:17 pm
-----BEGIN PGP SIGNED MESSAGE-----
Dave Horsfall wrote:
>
> Anyone know whether any versions of Mosaic are susceptible? I don't use
> Netscrape...
Mosaic (at least the Unix version of NCSA) has two different remote control
protocols:
1) via a TCP/IP connection to a port specified by the user:
This CCI (Common Client Interface) is diabled by default, but the user
is able to activate it (via option, menu or resources). The user has
to specify a port number to use for remote control.
There is no access control - so if you activate it everyone can
connect to the Mosaic process and remote control it.
See also:
http://www.ncsa.uiuc.edu/SDG/Software/XMosaic/CCI/cci-spec.html
2) via signal handling and a local file:
If you send a USR1 signal to the running Mosaic it tries to read
commands from /tmp/Mosaic.<pid>
Sending a USR1 signal to the process should only be possible by the
use running the browser, so this is better than the CCI stuff.
This is enabled by default (and can't be switched off).
See also:
http://www.ncsa.uiuc.edu/SDG/Software/XMosaic/remote-control.html
Bye,
Wolfgang Ley.
- --
Wolfgang Ley, DFN-CERT, Vogt-Koelln-Str. 30, 22527 Hamburg, Germany
Email: ley@cert.dfn.de Phone: +49 40 54715-262 Fax: +49 40 54715-241
PGP-Key available via finger ley@ftp.cert.dfn.de any key-server or via
WWW from http://www.cert.dfn.de/~ley/ ...have a nice day
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQCVAwUBMamsCQQmfXmOCknRAQHY+gP/TJA+fABmeh30me+H5gBnNjMc7labALdf
IWPCnHf3aUUQPDAMknuLZUEaV4m1Sto0hSvqfhT8IzC5kWSedrS9glOOuEyYbSb3
iyM/b3h9+0dkFde+s3YRpN3RP1+tqtIubWlTVbB8YtZULPWULz2a3k4JSZEJd4RR
dZl4C6t/2Oo=
=paAR
-----END PGP SIGNATURE-----
