Bugtraq mailing list archives
Is _your_ Netscape under remote control
From: martinh () mailhost emap co uk (martinh () mailhost emap co uk)
Date: Fri, 24 May 1996 15:58:39 +0000
Anyone else seen this?

Netscape 1.1 and higher can be controlled remotely. This can be abused in many ways as Netscape can be made to open URLs, add bookmarks, open local files and save local files without informing the user.

A possible example of an exploit would be a WWW server that serves a page of HTML with say, "+ +" on a line by itself as a comment. Maybe this server runs a program when it's accessed (server side include maybe), and possibly this then runs:

    netscape2 -remote 'SaveAs(~/.rhosts)'

and if the browsing user has an open X display anyone can then log into their account. Obviously this would be worse if root was running Netscape.

This could also be used to have an idle netscape visit various pages of dubious virtue and bookmark them all, then the prankster can stop by the victim and have a laugh at their expense...

The problem is that Netscape relies on X for its protection, it can write files without telling the user, and there are far too many open X displays out there.

The Windows and Mac versions also have their own remote control but I'll leave someone else to look at them...

See http://home.netscape.com/newsref/std/x-remote.html for instructions on controlling Netscape for X remotely.

M.

##################################################################
# Martin Hargreaves (martin () datamodl demon co uk) Computational #
# Director, Datamodel Ltd                            Chemist       #
# Contract Unix system admin/Unix security           Sysadmin      #
##################################################################
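
A defender-side check for the open-display condition the message describes, as an added example that is not part of the original post: it classifies the output of `xhost` (run with no arguments) so that a display with access control disabled, or with whole-host entries, can be flagged. The function name `audit_xhost` and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Classify the output of `xhost` (no arguments) read from stdin.
# Prints one of:
#   OPEN        access control disabled: any host can connect to the display
#   WIDE:<n>    access control enabled, but <n> whole-host entries are allowed
#   RESTRICTED  only cookie holders and per-user entries can connect
# audit_xhost is a hypothetical helper name, not part of any X11 tool.
audit_xhost() {
    awk '
        /access control disabled/ { open = 1; next }
        /access control enabled/  { next }
        # Per-user server-interpreted entries (SI:localuser:name) are narrow;
        # anything else (INET:host, LOCAL:, SI:hostname:...) admits every
        # user on that host or transport.
        NF && $1 !~ /^SI:localuser:/ { wide++ }
        END {
            if (open)      print "OPEN"
            else if (wide) print "WIDE:" wide
            else           print "RESTRICTED"
        }'
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_OPEN='access control disabled, clients can connect from any host'
SAMPLE_WIDE='access control enabled, only authorized clients can connect
INET:build01.example.com
LOCAL:
SI:localuser:alice'
SAMPLE_OK='access control enabled, only authorized clients can connect
SI:localuser:alice'

# On a live system: xhost | audit_xhost
```

A display reported as OPEN or WIDE accepts X clients beyond the logged-in user, which is the precondition the message relies on.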