I submitted this to Bugtraq a while ago, Aleph One queried it and it has
taken me some time to recheck it. So apologies for not re-submitting this
earlier.

Problem:-

It is possible to mistakenly use a browser (settings/passwords etc.) that is
being run on another machine to the one you expect.

How to recreate:-

Take two unix boxes (A and B), on the console of A, run X and allow B to
access the screen (using the xhost command). Telnet into B and (after
setting the DISPLAY env) run netscape. You now get a copy of netscape
running on B (type "file:/etc/hostname" in the location bar). Open a new
xterm on A and run netscape, a new window appears, but it is just another
instance of B's program (again type "file:/etc/hostname" to check).

Why this might be a risk:-

You have two computers that you use, B has a connection to the internet and
A holds personal data. You follow the instructions above and type
file:/usr/me/stuff.txt, you are actually reading the file off B not A. Also
if you use this new window to browse an intranet, all cookie/password/bookmarks
will be stored and read from B, leaving B as a target.

Vulnerable Systems

I've checked this on two Debian (Ham) boxes running communicator 4.05 and
4.51. The problem does not (according to Aleph) appear with Red Hat (which is
why I suspect it may be a Debian-specific problem).

Graham
--
-------------------------------------------------------------------------------
Graham Evans                                        Tel +44 (0) 1424 211002
Internet Consultant                                 Fax +44 (0) 1424 217107
Bespoke Continental                       gevans@bespoke-continental.co.uk
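The post checks which host a window belongs to by typing "file:/etc/hostname" into it. The following script is an added example, not part of the original post and not code from Netscape or Debian: it answers the same question from A's console without trusting the browser, by reading X window properties. It assumes (not stated in the post) that each Netscape 4 top-level window carries the _MOZILLA_VERSION property used by the "netscape -remote" protocol, and that the Xt/Motif toolkit sets the ICCCM WM_CLIENT_MACHINE property to the name of the host the client process runs on. The parsing is separated from the live X calls so it can be exercised on the constructed sample lines at the bottom, which stand in for xprop output on hosts A and B.

```shell
#!/bin/sh
# Added example (not from the original post): report, for every Netscape window
# on the current X display, which host the process behind it is really on.
# Assumptions (hypothetical): Netscape windows carry _MOZILLA_VERSION, and the
# toolkit sets WM_CLIENT_MACHINE to the client's hostname.

# Given the text `xprop -id <win> WM_CLIENT_MACHINE` prints, output the hostname.
# Example input line: WM_CLIENT_MACHINE(STRING) = "b.example.com"
client_machine_from_xprop() {
    printf '%s\n' "$1" | sed -n 's/^WM_CLIENT_MACHINE(STRING) = "\(.*\)"$/\1/p'
}

# Exit status 0: window's client host is the host we sit at.
#             1: client host is some other machine (the situation in the post).
#             2: property missing, so the answer is unknown rather than "safe".
classify_window_host() {
    xprop_out=$1
    local_host=$2
    client=$(client_machine_from_xprop "$xprop_out")
    [ -z "$client" ] && return 2
    # Compare short names so "b" and "b.example.com" are treated as the same host.
    [ "${client%%.*}" = "${local_host%%.*}" ] && return 0
    return 1
}

# Live check (needs DISPLAY set and xwininfo/xprop installed): walk the whole
# window tree, keep windows that look like Netscape, and classify each one.
audit_display() {
    me=$(hostname)
    xwininfo -root -tree 2>/dev/null | sed -n 's/^ *\(0x[0-9a-f]*\) .*/\1/p' |
    while read -r win; do
        xprop -id "$win" _MOZILLA_VERSION 2>/dev/null | grep -q '^_MOZILLA_VERSION' || continue
        out=$(xprop -id "$win" WM_CLIENT_MACHINE 2>/dev/null)
        classify_window_host "$out" "$me" && rc=0 || rc=$?
        case $rc in
            0) echo "$win: netscape runs on this host ($me)" ;;
            1) echo "$win: WARNING netscape runs on $(client_machine_from_xprop "$out"), not $me" ;;
            *) echo "$win: cannot tell where netscape runs (no WM_CLIENT_MACHINE)" ;;
        esac
    done
}

# Constructed sample xprop output, standing in for a window owned by a process
# on A (the console host) and one owned by a process on B.
SAMPLE_LOCAL='WM_CLIENT_MACHINE(STRING) = "a"'
SAMPLE_REMOTE='WM_CLIENT_MACHINE(STRING) = "b.example.com"'
```

Run audit_display on A after the steps in the post: a window that the "file:/etc/hostname" test would reveal as B's shows up as a WARNING line, and a window whose client has not set WM_CLIENT_MACHINE is reported as unknown rather than silently counted as local.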
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:47:16 PDT