Bugtraq mailing list archives

Re: Dangerous Java/Netscape Security Hole

From: tkuiper () TOBIT COM
Date: Mon, 7 Aug 2000 07:40:30 UT

which versions are affected, even Netscape 6 PRE?

Best Regards,
Thomas

-------- Original Message --------
Subject: Dangerous Java/Netscape Security Hole (07-Aug-2000 9:35)
From:    dan=security () BRUMLEVE COM
To:      tkuiper () TOBIT COM

Dear BugTraq,

I've found some security holes in Java and Netscape
that allow arbitrary network access and read-access
for local files and directories.  As a demonstration
I've written Brown Orifice HTTPD, a web server and file
sharing tool that runs in Netscape Communicator on all
tested platforms.  For more information, see:

http://www.brumleve.com/BrownOrifice

Thomas Kuiper    | tkuiper () tobit com         | www.tobit.com     __
Core Development | ICQ #8345483              |                  /__/\
Tobit Software   | PGP Key on Request        | ask your server. \__\/

To: dan=security () BRUMLEVE COM
    BUGTRAQ () SECURITYFOCUS COM

Current thread:

Dangerous Java/Netscape Security Hole Dan Brumleve (Aug 07)
- Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole) TAKAGI, Hiromitsu (Aug 08)
  - Re: Brown Orifice HTTPD Directory Traversal Vulnerability (was Re: Dangerous Java/Netscape Security Hole) Michael H. Warfield (Aug 09)
- <Possible follow-ups>
- Re: Dangerous Java/Netscape Security Hole tkuiper (Aug 07)
  - Re: Dangerous Java/Netscape Security Hole Michael H. Warfield (Aug 07)
    - Re: Microsoft Windows 2000 Service Control Manager Named Pipe Impersonation Vulnerability maceo (Aug 08)
  - Re: Dangerous Java/Netscape Security Hole Art Savelev (Aug 08)
    - Re: Dangerous Java/Netscape Security Hole Andrew L . Davis (Aug 08)