Re: Netscape Communicator 4.7 exploit [NT/win2k].

From: Thompson, Zach, CPG (zthompsonat_private)
Date: Thu Jan 06 2000 - 06:05:41 PST


    I tested this vulnerability on a Win2k Professional machine (AKA Windows NT
    WS 2000) running the currently downloadable version of Communicator 4.7 and
    found it to be vulnerable. After executing the test hyperlink on
    beavuh.org's page on my client machine, I was able to telnet to a remote shell
    on port 6968 of my client machine.
    
    **One thing to note though**
    
    After clicking on this link, Communicator stopped responding and I let it
    sit for about 3 minutes thinking it might come back. Eventually I had to
    kill it with Task Manager. After killing Netscape, the remote shell was lost
    on the target machine and the Telnet session was disconnected. This only
    leaves a small amount of time for the malicious person to exploit the remote
    shell before the end user kills Netscape for not responding.
    
    You would think Netscape might post a patch since this is still a problem
    with the version they have for download, and the exploit was posted over a
    month ago.
    
    -Z
    
    -----Original Message-----
    From: dark spyrit [mailto:dspyritat_private]
    Sent: Friday, December 03, 1999 10:48 PM
    To: BUGTRAQat_private
    Subject: Netscape Communicator 4.7 exploit [NT/win2k].
    
    
    Here's an exploit for the 4.7 hole released not so long ago; it appears
    Netscape has patched the version that is currently available for download.
    Nothing mentioned on their page that I could see, just trying to sly it
    through eh? On ya.
    
    Head to http://www.beavuh.org to test your system.
    It has been tested on NT only, but should also work on win2k.. the exploit
    would need recoding for 9x - I don't have either OS I'm afraid.
    More details are available on the page.
    
    In other news.. here's a special offer:
    
    Free beavuh goodies to anyone who can send me valid pictures of the
    gagging wolf in action.
    
    
    Hi to w00w00/ADM/teso
    
    ..and hi to ISS for giving useable details on a vulnerability for once.
    
    
    dark spyrit
    http://www.beavuh.org - bend over and pray.
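A check a defender could have run on the test box while the shell was still up, as an added example (not code from the post, from beavuh.org or from Netscape): parse Windows `netstat -ano` style output and flag LISTENING sockets that sit on port 6968 or are owned by a browser process, which has no business accepting inbound connections. The observation above that the shell died the moment Netscape was killed is exactly what you would expect if the listener belonged to the browser's PID, so the PID column is the useful one. Assumptions: the column layout of the `-o` form of netstat on later Windows (Windows 2000's netstat did not show PIDs), a PID-to-image map you would build from `tasklist`, and sample output that is constructed rather than captured.

```python
"""Spot a bind shell an exploited browser left listening, from netstat output.

Added example: parse Windows-style `netstat -ano` output and flag LISTENING
sockets that are on a known-suspect port or owned by a browser process.
All sample data below is constructed, not captured from a real host.
"""
import re
from typing import List

# Constructed sample (assumption: layout of `netstat -ano` on Windows XP and later).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       420
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6968           0.0.0.0:0              LISTENING       1532
  TCP    192.168.1.20:6968      192.168.1.9:1044       ESTABLISHED     1532
  TCP    192.168.1.20:1041      64.58.76.229:80        ESTABLISHED     1532
  UDP    0.0.0.0:137            *:*                                    4
"""

# Constructed PID -> image name map, as you would build from `tasklist`.
SAMPLE_PROCESSES = {4: "System", 420: "svchost.exe", 1532: "netscape.exe"}

SUSPECT_PORTS = {6968}          # port the beavuh.org test exploit binds its shell to
BROWSERS = {"netscape.exe", "iexplore.exe"}

# Columns: proto, local, foreign, optional state (absent on UDP rows), PID.
_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")


def _split_addr(addr: str):
    """'host:port' -> (host, int port or None for '*')."""
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> List[dict]:
    """Turn netstat output into a list of socket dicts; header/blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        proto, local, foreign, state, pid = m.groups()
        lhost, lport = _split_addr(local)
        fhost, fport = _split_addr(foreign)
        entries.append({"proto": proto, "lhost": lhost, "lport": lport,
                        "fhost": fhost, "fport": fport,
                        "state": state, "pid": int(pid)})
    return entries


def find_suspect_listeners(entries, processes, suspect_ports=SUSPECT_PORTS,
                           browsers=BROWSERS) -> List[dict]:
    """Flag TCP listeners on suspect ports or owned by a browser; attach connected peers."""
    findings = []
    for e in entries:
        if e["proto"] != "TCP" or e["state"] != "LISTENING":
            continue
        image = processes.get(e["pid"], "<unknown>")
        reasons = []
        if e["lport"] in suspect_ports:
            reasons.append("known exploit port")
        if image.lower() in browsers:
            reasons.append("browser process accepting connections")
        if not reasons:
            continue
        # Anyone already connected to that listener is the attacker's end of the shell.
        peers = [f"{x['fhost']}:{x['fport']}" for x in entries
                 if x["proto"] == "TCP" and x["state"] == "ESTABLISHED"
                 and x["lport"] == e["lport"] and x["pid"] == e["pid"]]
        findings.append({"pid": e["pid"], "image": image, "port": e["lport"],
                         "reasons": reasons, "peers": peers})
    return findings


if __name__ == "__main__":
    for f in find_suspect_listeners(parse_netstat(SAMPLE_NETSTAT), SAMPLE_PROCESSES):
        print(f"PID {f['pid']} ({f['image']}) listening on {f['port']}: "
              f"{', '.join(f['reasons'])}; connected peers: {f['peers'] or 'none'}")
```

On a live box you would feed `subprocess.check_output(["netstat", "-ano"], text=True)` to `parse_netstat` and build the process map from `tasklist /FO CSV`; the same logic applies to any browser, which is why the browser-owned-listener rule is kept separate from the fixed port.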
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:27:08 PDT