Bugtraq mailing list archives

Re: Time to update those CGIs again


From: petrov () OWLNET RICE EDU (Sam Carter)
Date: Fri, 8 Oct 1999 15:41:42 -0500


On Wed, 6 Oct 1999, 3APA3A wrote:

> -  there  is no such problem. Can you say the version of Netscape with
> this bug?

The default netscape with RH5.2 (4.08), and glibc Netscape 4.61 for linux
are both vulnerable.  Netscape 4.04, 4.07, 4.51, and 4.6 under solaris are
all vulnerable.  Netscape 3.03 under solaris is *not* vulnerable.

Here's the full version numbers of the vulnerable versions:
Linux (x86):
Netscape 4.08/Export, 02-Nov-98; (c) 1995-1998 Netscape Communications Corp.
Netscape 4.61/U.S., 27-May-99; (c) 1995-1998 Netscape Communications Corp.

Solaris (sparc):
Netscape 4.04/Export, 06-Nov-97; (c) 1995-1997 Netscape Communications Corp.
Netscape 4.07/U.S., 29-Sep-98; (c) 1995-1998 Netscape Communications Corp.
Netscape 4.51/U.S., 27-Feb-99; (c) 1995-1998 Netscape Communications Corp.
Netscape 4.6/Export, 04-May-99; (c) 1995-1998 Netscape Communications Corp.

And this one is not vulnerable:
Netscape 3.03/export, 28-Jul-97; (c) 1995,1996 Netscape Communications Corp.

It looks like they introduced a bug in their build tree for Unix in
version 4.x.

I also ran a few cursory tests with other characters with the high bit
set, and it appears that only the two (0x8b and 0x9b) mentioned earlier
provoke any odd behavior.  I couldn't find a corresponding character that
mapped to &, the other metacharacter in HTML, but maybe I was looking in
the wrong place.

sam
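
Added example, not part of the original post or of any vendor's code: an output filter for a CGI that emits a single-byte (ISO-8859-1) page and escapes the two high-bit bytes reported above alongside the ASCII metacharacters. It assumes 0x8b is treated like `<` and 0x9b like `>` by the affected browsers; the function names and the sample input are constructed for illustration.

```python
# Assumption: affected browsers treat 0x8b as '<' and 0x9b as '>'.
# Intended for single-byte (ISO-8859-1) output only.

ESCAPES = {
    ord("&"): b"&amp;",
    ord("<"): b"&lt;",
    ord(">"): b"&gt;",
    ord('"'): b"&quot;",
    0x8B: b"&lt;",   # high-bit byte assumed to act as a tag opener
    0x9B: b"&gt;",   # high-bit byte assumed to act as a tag closer
}


def escape_html_bytes(data: bytes) -> bytes:
    """Escape ASCII metacharacters and the two high-bit delimiter bytes."""
    out = bytearray()
    for b in data:
        out += ESCAPES.get(b, bytes([b]))
    return bytes(out)


def naive_escape(data: bytes) -> bytes:
    """Filter that only knows the ASCII metacharacters, for comparison."""
    return (data.replace(b"&", b"&amp;")
                .replace(b"<", b"&lt;")
                .replace(b">", b"&gt;"))


def find_high_bit_delimiters(data: bytes) -> list:
    """Return (offset, byte) pairs for 0x8b/0x9b, e.g. for request logging."""
    return [(i, hex(b)) for i, b in enumerate(data) if b in (0x8B, 0x9B)]


# Constructed sample: benign bold markup written with the high-bit bytes.
SAMPLE = b"name=\x8bb\x9bbold\x8b/b\x9b & <i>"

if __name__ == "__main__":
    print("naive :", naive_escape(SAMPLE))        # high-bit bytes pass through
    print("strict:", escape_html_bytes(SAMPLE))   # all delimiters neutralized
    print("found :", find_high_bit_delimiters(SAMPLE))
```

In UTF-8 output these byte values occur inside multi-byte sequences, so a byte-level filter like this fits single-byte charsets only.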

