Possible Netscape/Unix (Debian) problem

From: Graham Evans (gevans@BESPOKE-CONTINENTAL.CO.UK)
Date: Tue May 25 1999 - 17:32:12 PDT


    I submitted this to Bugtraq a while ago, Aleph One queried it and it has
    taken me some time to recheck it. So apologies for not re-submitting
    this earlier.
    
    
    Problem:-
    
    It is possible to mistakenly use a browser (settings/passwords etc.)
    that is being run on another machine than the one you expect.
    
    How to recreate:-
    
    Take two unix boxes (A and B), on the console of A, run X and allow B to
    access the screen (using the xhost command). Telnet into B and (after
    setting the DISPLAY env) run netscape.
    
    You now get a copy of netscape running on B (type "file:/etc/hostname"
    in the location bar).
    
    Open a new xterm on A and run netscape: a new window appears, but it is
    just another instance of B's program (again type "file:/etc/hostname" to
    check).
    
    Why this might be a risk:-
    
    You have two computers that you use: B has a connection to the internet
    and A holds personal data.  You follow the instructions above and type
    file:/usr/me/stuff.txt; you are actually reading the file off B, not A.
    Also, if you use this new window to browse an intranet, all
    cookies/passwords/bookmarks will be stored on and read from B, leaving B
    as a target.
    
    Vulnerable Systems
    
    I've checked this on two Debian (Hamm) boxes running Communicator 4.05
    and 4.51.  The problem does not (according to Aleph) appear with Red Hat
    (which is why I suspect it may be a Debian-specific problem).
    
    
           Graham
    
    --
    -------------------------------------------------------------------------------
             Graham Evans                        Tel +44 (0) 1424 211002
         Internet Consultant                     Fax +44 (0) 1424 217107
         Bespoke Continental               gevans@bespoke-continental.co.uk
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:47:16 PDT