Netscape 4.x buffer overflow

From: Michael Breuer (mbreuerat_private)
Date: Fri Oct 15 1999 - 06:21:13 PDT


    I have found a buffer overflow in Netscape Communicator probably affecting all versions. The problem occurs when Communicator attempts to validate any key where the key length is > 2k. I have tested this on 4.61 and 4.7, Unix (IRIX) and Windows. Netscape has been notified of the problem and expect a fix for 4.8.

    As the problem manifests during the check of the key, any portion of the key chain which has a key > 2k triggers the problem. Thus, the potential for widespread DoS attacks via email. I suspect, but have not pursued, the possibility of exploiting the overflow to execute arbitrary code.
    --
    Michael Breuer
    mbreuerat_private
    


