Date: Mon, 7 Aug 2000 15:13:13 -0700 From: Elias Levy <aleph1@SECURITYFOCUS.COM> Subject: Brown Orifice To: BUGTRAQ-PRESS@SECURITYFOCUS.COM By now you should have all read about the Brown Orifice vulnerability in Netscape's implementation of Java. In reality the Brown Orifice program exploits two different vulnerabilities. The first vulnerability exploits two flaws in Netscape and Sun's Java implementations. The first flaw allows the applet to open a listening network socket. This flaw appears to be in Netscape's code. The second flaw allows an applet to accept connections on this socket. This flaw appears to be in Sun's code, but it seems to have been fixed in Sun's JDK for a while. Netscape's code from Sun is not up to date with the latest JDK. The second vulnerability exploits a flaw in Netscape's Java implementation. This flaw allows an applet to read any local files using an URL of type "file://". Detailed information on this flaws can be found at: http://www.securityfocus.com/bid/1545 http://www.securityfocus.com/bid/1546 -- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pacem, para bellum