I have found a buffer overflow in Netscape Communicator probably affecting all versions. The problem occurs when Communicator attempts to validate any key where the key length is > 2k. I have tested this on 4.61 and 4.7, Unix (Irix) and Windows. Netscape has been notified of the problem and expect a fix for 4.8.

As the problem manifests during the check of the key, any portion of the key chain which has a key > 2k triggers the problem. Thus, the potential for widespread DoS attacks via email. I suspect, but have not pursued, the possibility of exploiting the overflow to execute arbitrary code.

--
Michael Breuer
mbreuerat_private