Bugtraq mailing list archives
Re: MDKSA-2000:036 - netscape update
From: Kris Kennaway <kris () FREEBSD ORG>
Date: Mon, 28 Aug 2000 08:54:26 -0700
On Mon, 21 Aug 2000, Linux Mandrake Security Team wrote:
Problem Description: There exists a problem in all versions of Netscape from 4.0 to 4.74 with Java enabled. Under certain conditions, Netscape can be turned into a server that serves files on your local hard drive that Netscape has read access to and remote people can access it by connecting their web client to port 8080 on your machine if they know the IP address. This vulnerability has been fixed in Netscape 4.75.
This is not the vulnerability at all, but a single instance of an exploit for it. IMO, this advisory is misleading since just blocking port 8080 does not work around the problem. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe <forsythe () alum mit edu>
Current thread:
- MDKSA-2000:036 - netscape update Linux Mandrake Security Team (Aug 21)
- Re: MDKSA-2000:036 - netscape update Kris Kennaway (Aug 28)