Bugtraq mailing list archives

Communicator exploits

From: fernand.portela () IBM NET (Fernand Portela)
Date: Fri, 10 Apr 1998 14:06:08 +0200


This is a multi-part message in MIME format.
--------------C3265FC716C909831247B1CC
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Hi,

A few weeks ago, I've posted in this mailing-list an advisory about
issues in Netscape Communicator. Since a fixed release (4.05) is now
available to users, I think I can publish the exploits themselves.

If you received this mail in Communicator 4.04 or previous (NN2.x and
3.x are not vulnerable), simply click the links in the attached HTML
document for a demonstration of the bugs.
_______________________________________________________________________

Fernand PORTELA                                               aka Nando
fernand.portela () ibm net                                nando () mygale org
                                           http://www.mygale.org/~nando
--------------C3265FC716C909831247B1CC
Content-Type: text/html; charset=us-ascii; name="attacks.html"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="attacks.html"


<html>
<head>
<script><!--
function load_page() {
  w = window.open( '', 'prefs' );
  w.origin = window.document.URL;
}
//--></script>
</head>
<body>
<p>Click here
for a demonstration of the first exploit.
<p>Click here
for a demonstration of the second exploit.
</body>
</html>



--------------C3265FC716C909831247B1CC--

Current thread:

portmap 4.0-8 DoS, (continued)
- portmap 4.0-8 DoS Michal Zalewski (Apr 01)
  - Re: portmap 4.0-8 DoS Peter van Dijk (Apr 07)
  - BSDI inetd crash Mark Schaefer (Apr 07)
    - Re: BSDI inetd crash FrontLine Assembly (Apr 08)
    - SGI O2 ipx security issue Fabrice Planchon (Apr 08)
    - BIND vulnerability test program.. Joshua J. Drake (Apr 09)
    - (Q) Sun Rpcbind problem. Chiaki Ishikawa (Apr 10)
    - Re: (Q) Sun Rpcbind problem. Casper Dik (Apr 10)
    - Wietse's RPCBIND Wietse Venema (Apr 10)
    - announce: weaken for netscape !! (fwd) Ken Williams (Apr 10)
    - Communicator exploits Fernand Portela (Apr 10)
    - Sun rpcbind Nicolas Dubee (Apr 10)
    - Re: Sun rpcbind Aaron Bornstein (Apr 10)
  - QW vulnerability Glenn F. Maynard (Apr 07)
  - AppleShare IP Mail Server Chris Wedgwood (Apr 07)
    - Re: AppleShare IP Mail Server David Luyer (Apr 07)
    - Re: AppleShare IP Mail Server James W. Abendschan (Apr 07)
- Geac ADVANCE library system security HOLE GAVRILIS DIMITR (Apr 02)
  - Re: Geac ADVANCE library system security HOLE Damian Kelly (Apr 03)
  - Announce : Nessus Alpha 1 Renaud Deraison (Apr 04)
  - mailrc and pine security holes Michal Zalewski (Apr 05)

(Thread continues...)