
Brown Orifice attacks Netscape

By Jason Norwood-Young, Contributor
Johannesburg, 08 Aug 2000

Dan Brumleve, a US-based consultant and developer, has discovered a hole in Netscape Navigator, and written an exploit - termed Brown Orifice - that gives malicious Web sites access to users' file systems.

"I've discovered a pair of new capabilities in Java, one residing in the Java core and the other in Netscape's Java," writes Brumleve on his site at http://www.brumleve.com. "The first (exploited in BOServerSocket and BOSocket) allows Java to open a server which can be accessed by arbitrary clients. The second (BOURLConnection and BOURLInputStream) allows Java to access arbitrary URLs, including local files."

Brumleve - who claims to have 15 years of programming experience - has made the code for the attack freely available on his Web site. "Brown Orifice HTTPD for Netscape Communicator will serve files from a directory of your choice, and will also act as an HTTP/FTP proxy server," he says.

To protect themselves, users should disable Java in their browsers. To do this, select "edit", "preferences", "advanced options", and then uncheck "enable Java" and "enable Javascript".

In 1998 he found three holes in Netscape, one called "Cache Cow", which retrieved a user's browsing history, a second called "Son of a Cache Cow", which allowed servers to steal the contents of local directories and bypass cookie security, and a buffer overflow exploit for Unix-based systems. In 1997, Brumleve discovered another Netscape exploit, termed "Tracker", which leveraged a JavaScript problem.
