Open Source and information security mailing list archives
Message-ID: <Pine.LNX.4.33.0211262010160.28325-100000@lissu.solutions.fi>
From: jouko at solutions.fi (Jouko Pynnonen)
Subject: Netscape 4 Java buffer overflow


The Java implementation of Netscape 4 contains a buffer overflow 
vulnerability. Arbitrary code may be run on a Netscape user's system 
when a web page containing a malicious applet is viewed.

The buffer overflow happens in the method canConvert() of the class 
sun.awt.windows.WDefaultFontCharset. An applet may trigger the overflow 
by passing a long string to the constructor of the class and invoking the 
method canConvert() on the created instance. In Java:

  new WDefaultFontCharset(long_string).canConvert('x');

The vulnerability is a trivial case of a buffer overflow. Its 
exploitability has been confirmed with an exploit that runs a program 
when a web page is viewed.
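The bug class behind the advisory, as an added illustration in C that is not Netscape's code (the native implementation of canConvert() is not shown here, and the 32-byte buffer, the function names and the "Default" comparison are all assumed for illustration): a native helper that copies a caller-supplied string into a fixed-size stack buffer without checking its length, next to the bounded form that rejects over-long input before copying.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed fixed buffer size; the real size in Netscape 4 is not stated in the advisory. */
#define CHARSET_NAME_MAX 32

/* Unsafe pattern (hypothetical reconstruction of the bug class): the string that an
 * applet passes to the constructor is copied into a fixed buffer with no bound, so a
 * name of CHARSET_NAME_MAX characters or more writes past the end of buf. */
int charset_is_default_unsafe(const char *name) {
    char buf[CHARSET_NAME_MAX];
    strcpy(buf, name);                 /* no length check: overflow on long input */
    return strcmp(buf, "Default") == 0;
}

/* Hardened form: measure first, refuse anything that does not fit including the
 * terminating NUL, and only then copy with an explicit bound.
 * Returns 1 for a match, 0 for a non-match, -1 when the input is rejected. */
int charset_is_default_safe(const char *name) {
    char buf[CHARSET_NAME_MAX];
    size_t len = strlen(name);
    if (len >= CHARSET_NAME_MAX) {
        return -1;                     /* would not fit: reject instead of overflowing */
    }
    memcpy(buf, name, len + 1);        /* bounded copy, NUL included */
    return strcmp(buf, "Default") == 0;
}

/* Exercises the hardened check with a constructed name of n 'A' characters
 * (constructed test input, standing in for the long string an applet would pass). */
int result_for_length(size_t n) {
    char *name = malloc(n + 1);
    if (name == NULL) {
        return -2;
    }
    memset(name, 'A', n);
    name[n] = '\0';
    int r = charset_is_default_safe(name);
    free(name);
    return r;
}

int main(void) {
    printf("\"Default\"        -> %d\n", charset_is_default_safe("Default"));
    printf("31 x 'A'         -> %d\n", result_for_length(31));
    printf("32 x 'A'         -> %d (rejected)\n", result_for_length(32));
    printf("4096 x 'A'       -> %d (rejected)\n", result_for_length(4096));
    return 0;
}
```

The boundary worth checking is the off-by-one: a 31-character name plus its NUL fills the 32-byte buffer exactly and is accepted, while 32 characters would need 33 bytes and is refused. The unsafe variant is included only to show the missing check; it is never called with a name that does not fit.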

Netscape 4 has a very limited user base nowadays. Other Netscape 
versions use Sun Microsystems' Java Plug-in, so they aren't vulnerable. 
This vulnerability only affects the Windows platform, which limits the 
number of vulnerable systems further. The vulnerability doesn't appear 
exploitable in other browsers. Netscape and Sun Microsystems were 
informed about the problem in August 2002. Netscape 4 users can protect 
themselves against the flaw by disabling Java in Preferences.


  Jouko Pynnönen
  jouko@...utions.fi

