Hi, This attack can now be detected by the following IDS signatures: http://dev.whitehats.com/cgi/test/new.pl/Show?_id=web-netscape-overflow-unixware http://dev.whitehats.com/cgi/test/new.pl/Show?_id=outgoing_xterm http://dev.whitehats.com/cgi/test/new.pl/Show?_id=nops-x86 These signatures are also available as part of http://dev.whitehats.com/ids/vision.conf Note that each record includes packet traces from usage of an actual exploit attempt. Max Vision http://whitehats.com/ <- free tools, forums, IDS database http://maxvision.net/ On Fri, 31 Dec 1999, Brock Tellier wrote: > OVERVIEW > A vulnerability in Netscape FastTrack 2.01a will allow any remote user to > execute commands as the user running the httpd daemon (probably nobody). This > service is running by default on a standard UnixWare 7.1 installation. > > /** uwhelp.c - remote exploit for UnixWare's Netscape FastTrack > ** 2.01a scohelp http service > **
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:25:24 PDT