Archive of UserLand's first discussion group, started October 5, 1998.
Netscape 6 security hole?
Author: Jake Savin Posted: 8/8/2000; 4:57:29 PM Topic: Netscape 6 security hole? Msg #: 19591
Does anyone know what this is? http://www.brumleve.com/BrownOrifice/
It's apparently an HTTP daemon that runs in the NS6 client.
From the page:
I've discovered a pair of new capabilities in Java, one residing in the Java core and the other in Netscape's Java distribution. The first (exploited in BOServerSocket and BOSocket) allows Java to open a server which can be accessed by arbitrary clients. The second (BOURLConnection and BOURLInputStream) allows Java to access arbitrary URLs, including local files.
As a demonstration, I've written Brown Orifice HTTPD for Netscape Communicator. BOHTTPD is a browser-resident web server and file-sharing tool that demonstrates these two problems in Netscape Communicator. BOHTTPD will serve files from a directory of your choice, and will also act as an HTTP/FTP proxy server.
WARNING: Brown Orifice is a SECURITY HOLE, not a toy. Files in the directory you specify are likely to be downloaded by other people. You must completely exit Netscape in order to turn it off.
Also:
WHOA! I just saw a Windows 2000 system that was still running BOHTTPD even after Netscape had been apparently terminated. Even the "Task Manager" showed no trace.
There are responses to this message:
- Re: Netscape 6 security hole?, Ravi Nanavati, 8/8/2000; 5:17:41 PM
This page was archived on 6/13/2001; 4:56:02 PM.
© Copyright 1998-2001 UserLand Software, Inc.