Re: Netscape Communicator 4.5 can read local files

From: Sven Carstens (sven@MSC-MEDIA.DE)
Date: Wed Nov 25 1998 - 12:58:46 PST

Next message: Paul Mansfield: "APC PowerNet SNMP Adapter Security Issues - Beta Firmware"

Previous message: kpm: "Re: Netscape Communicator 4.5 can read local files"
Maybe in reply to: Georgi Guninski: "Netscape Communicator 4.5 can read local files"
Next in thread: Norbert Luckhardt: "Re: Netscape Communicator 4.5 can read local files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>I have just tested this bug in Netscape 4.5 on a RedHat Linux 5.1 machine,
>Kermel 2.0.34 and with minor patching of the java, it is also effective.  I
>was sucessful in retrieving ANY LOCAL FILE with the World readable
>attribute. This includes the /etc/passwd file!  In netscape,
>Edit>Preferences>Advanced>Disable Javascript in Mail and News will block
>this exploit, unless the person has access to your web server.

I tried it with Kernel 2.0.35 and Netscape 4.08.
java40.jar is 1886016 bytes Okt 13 19:14

All I get is this Message :

JavaScript Error: uncaught Java exception
netscape/security/AppletSecurityException
("security.checkread: Read of '/tmp/test'
not permitted")

Next message: Paul Mansfield: "APC PowerNet SNMP Adapter Security Issues - Beta Firmware"
Previous message: kpm: "Re: Netscape Communicator 4.5 can read local files"
Maybe in reply to: Georgi Guninski: "Netscape Communicator 4.5 can read local files"
Next in thread: Norbert Luckhardt: "Re: Netscape Communicator 4.5 can read local files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:24:16 PDT