Re: Netscape 4 DoS/Possibly exploitable buffer overflow. (fwd)

From: Roland Grefer (btirgat_private)
Date: Thu Feb 19 1998 - 09:56:53 PST

  • Next message: Christopher Blizzard: "[Fwd: MIT Kerberos V5 R1.0.5 is released]"

    Here we go again ...
    Date: Wed, 18 Feb 1998 15:57:37 -0500 (EST)
    From: Roland Grefer <btirgat_private>
    To: bugtraqat_private
    Subject: Re: Netscape 4 DoS/Possibly exploitable buffer overflow.
    Netscape 4.04 on NT 4.0 with SP3 has a buffer overflow in bookmarks, too.
    Tests with strings up to 3976 bytes did not cause any problems;
    strings of 3977 bytes length and above crashed netscape while it
    was loading the bookmark file. The "Dr. Watson" log file did not
    reveal any obvious indications.
    Test entry in bookmark.htm (all in one line):
        <DT><A HREF="" ADD_DATE="886800988"
    Any insights regarding this length (buffer size) are welcome. The total
    line length including the 4 leading blanks is 4090 bytes. I would have
    expected a somewhat more "standard" buffer size of a multiple of 1024
    (in this case: 4096) to be the limit/problem.
    I have not reported this issue to Netscape. I did not find any reference
    to this issue in the FAQs and bug reports at Netscape's web site.
    On Mon, 12 Jan 1998, Laslo Orto wrote:
    > Netscape (version verified is 4.03) has a buffer overflow bug in their
    > bookmarks code. When somebody goes to a web page with a very long title
    > (6-8k) and then s/he bookmarks the page, netscape will start crashing at
    > loading bookmark.htm on startup. It's similar to the IE4 bug discovered
    > not long ago, but here you have to get the victim to bookmark the attackers
    > page.
    > Laslo Orto                              Computer Pages / Better.Net
    > Systems Administrator                   253 Sheppard Ave. West
    > lasloat_private / lasloat_private       Toronto, Canada M2N 1N2
    > /           Ph: +1 416 225 3030
    >                                         Fax: +1 416 225 6737
    - - - - - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - -
    Roland Grefer          | Department of Labor      | Ph: +1-202-219-8432x329
    Senior Systems Analyst | Nat'l Office ETA/UIS/DIT | Fx: +1-202-219-8506
    -=|=- -=|=- -=|=- -=|=-| 200 Constitution Ave, NW | -=|=- -=|=- -=|=- -=|=-
    Base Technologies, Inc | Washington, DC 20210     | btirgat_private
    - - - - - - - - - - - - - - Speaking for myself - + - - - - - - - - - - - -

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:42:44 PDT