[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev Re: Netscape 4.7 argument bug
From: |
Philip Webb |
Subject: |
Re: lynx-dev Re: Netscape 4.7 argument bug |
Date: |
Sat, 8 Jan 2000 13:45:01 -0500 |
000108 Mixter wrote:
> It seems the netscape problem found by darkspyrit -- oversized arguments
> to CGI's via GET -- might be a vulnerability issue in other browsers.
> I tried accessing the sample exploit page http://www.beavuh.org/nscape.htm
> with Lynx 2-8-1pre.9 and nothing happened,
> but when I tried saving the page with 'p' to disk, it got a segv:
you should have pointed out the problem: a very long default filename,
which the user can override & surely would if not very careless.
> Here is a backtrace from the lynx core file:
> (gdb) bt
> #0 0x1ad811 in __kill ()
> #1 0x1ad63f in raise (sig=6) at ../sysdeps/posix/raise.c:27
> #2 0x1ae84f in abort () at ../sysdeps/generic/abort.c:83
> #3 0x80602e8 in _start ()
> #4 0xc0de0001 in ?? ()
no problems with 2-8-3dev.14 , which saved to disk with the very long name.
i have a vague memory that some such long-name problem was fixed last year.
always test the latest version of Lynx from sol.slcc.edu/lynx/current/ :
Lynx is continually improving both behaviour & resilience.
--
========================,,============================================
SUPPORT ___________//___, Philip Webb : address@hidden
ELECTRIC /] [] [] [] [] []| Centre for Urban & Community Studies
TRANSIT `-O----------O---' University of Toronto