Lucene search
K

netscape.overflow.txt

🗓️ 28 Sep 2000 00:00:00Reported by Michal ZalewskiType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 15 Views

Netscape Navigator suffers from a remote buffer overflow vulnerability in password fields.

Code
`----- Forwarded message from Michal Zalewski <[email protected]> -----  
  
Approved-By: [email protected]  
Delivered-To: [email protected]  
Delivered-To: [email protected]  
X-Hate: Where do you want to go to die?  
Date: Thu, 28 Sep 2000 18:45:41 +0200  
Reply-To: Michal Zalewski <[email protected]>  
From: Michal Zalewski <[email protected]>  
Subject: Netscape Navigator buffer overflow  
To: [email protected]  
  
Haven't seen bugreport on it, so I decided to publish this vulnerability.  
In fact it's pretty old, but still unpublished: Netscape Navigator is  
vulnerable to trivial, remote buffer overflow attack when viewing prepared  
html:  
  
<form action=something method=something>  
<input type=password value=reallylongstring...>  
...other form tags...  
</form>  
  
If buffer is reasonably long, Netscape crashes with SEGV while trying to  
parse this tag (it happens around 16 kB of junk as value=) while calling  
function XFE_GetFormElementInfo(). It is not a stack overflow, but, as  
some pointers are overwritten, it seems to be exploitable. If someone has  
free time and good will, could try - recall JPEG comment heap overflow.  
  
Only type=password is vulnerable to this attack.  
  
_______________________________________________________  
Michal Zalewski [[email protected]] [tp.internet/security]  
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:  
=-----=> God is real, unless declared integer. <=-----=  
  
----- End forwarded message -----  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation