Bugtraq mailing list archives

Re: Another Netscape 4.07 cache reading bug

From: jkwilli2 () UNITY NCSU EDU (Ken Williams)
Date: Fri, 9 Oct 1998 00:22:12 -0400


-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 8 Oct 1998, Georgi Guninski wrote:

| Date: Thu, 8 Oct 1998 22:20:19 -0400
| From: Georgi Guninski <guninski () USA NET>
| To: BUGTRAQ () netspace org
| Subject: Another Netscape 4.07 cache reading bug
|
| I have found a new bug in Netscape Communicator 4.07, 4.05 (probably others),
| which allows reading the user's cache (the URLs the user has visited, including the info in GET forms).
| The bug uses Javascript - a link to 'about:<SCRIPT>...javascript code...</SCRIPT>' does the work.
|
| A demo is available at: http://www.freeyellow.com/members5/guninski/ncache.html
|
| Part of the code is borrowed from Dan Brumleve <nothing () shout net>, for better goodies see:
| http://www.shout.net/~nothing/son-of-cache-cow/index.html
| Workaround: Disable Javascript.
|
| Regards,
| Georgi Guninski
|
|
| ____________________________________________________________________
| Get free e-mail and a permanent address at http://www.netaddress.com/?N=1
|


Hello,

Netscape 4.05, 4.07 (and 3.01 and 3.0 Gold) for Solaris 2.51 and for
Linux Red Hat 5.0 and 5.1 are NOT vulnerable to this bug.

- --
Ken Williams

Packet Storm Security http://www.Genocide2600.com/~tattooman/index.shtml
E.H.A.P. Corporation  http://www.ehap.org/  ehap () ehap org info () ehap org
NCSU Comp Sci Dept    http://www.csc.ncsu.edu/ jkwilli2 () adm csc ncsu edu
PGP DSS/DH/RSA Keys   http://www4.ncsu.edu/~jkwilli2/pgpkey/

__________________________________________________
Get Your Private, Free Email at http://www.nsa.gov

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQEVAwUBNh2PZZDw1ZsNz1IXAQFeWAf/XmotliDh4/S6trSfBn7C0EYrDesE2zPB
g83VIWB7ShvMDX5BDXPYwnCeUA23xUpzaKw+b180KKIpwjsvO2umHd1VM59beOSZ
shzfM6UtSrd89IGjN7UyPVAxhPfkY3H8sIY6nm8oAIPT/rAYEbbJdHO/UbCvtNk1
qAq7LVw4m9c4W5mFzqTM1HAzEsyUFWPusD6n1nviBDobY2EYrQi33iPTRpmaPru/
YPi9ppM2QRYiB1OqR7qlrzPX7tOBE2Lq1JO2tmVJ2LfpTs/5BC5dVhvkRE0Uzwhw
NgyKr2F1s4Hvv1imnlrDni9sSfm9hCuqQiwNZ26vHaYlJP2aRAvDtw==
=ZICv
-----END PGP SIGNATURE-----

Current thread:

Possible login name leak on SunOS 5.6, (continued)
- - - Possible login name leak on SunOS 5.6 Pete Krawczyk (Oct 12)
    - Re: Redhat man exploit John Brahy (Oct 09)
  - Overflow in zgv-4.1? onix (Oct 07)
    - Re: Overflow in zgv-4.1? Paul Boehm (Oct 09)
    - The Cuartango Security Hole in IE4 Aleph One (Oct 12)
  - SCO Openserver 5.0.5 syn-floodable Eric (Oct 08)
  - Re: linux 2.0.35 ip aliasing with aliased hwaddr pedward () WEBCOM COM (Oct 08)
  - more Netscape 4.07 javascript security Max Vision (Oct 08)
    - Re: more Netscape 4.07 javascript security Peter W (Oct 11)
  - Another Netscape 4.07 cache reading bug Georgi Guninski (Oct 08)
    - Re: Another Netscape 4.07 cache reading bug Ken Williams (Oct 08)