W3C home > Mailing lists > Public > w3c-wai-ig@w3.org > October to December 1998

FYI: Security holes

From: Robert Neff <rcn@fenix2.dol-esa.gov>
Date: Wed, 14 Oct 1998 08:04:55 -0400
Message-ID: <01BDF749.551429E0.rcn@fenix2.dol-esa.gov>
To: "'w3c-wai-ig@w3.org'" <w3c-wai-ig@w3.org>
Guard your privacy from Cache Cow and the Cuartango Hole
Dan Brumleve wrote with word of a new vulnerability he had discov-ered in 
all versions of Netscape Navigator. (Internet Explorer is immune.) See the 
exploit page [10]. The exploit, which Brumleve calls Cache-Cow, captures 
the entire browsing history of the victim's copy of Navigator, including 
all form data that has ever been sent via the GET method-including any 
passwords. The exploit uses Java-Script to compromise all versions of 
Navigator prior to 4.06; a slightly reworked version of the CGI script [11] 
fells 4.06 as well.
According to one security researcher, the same vulnerability can be 
exploited via email. This means your browser cache could be stolen if you 
simply read an email message.
Netscape acknowledged the Cache-Cow vulnerability [12] and released version 
4.07 of Navigator and Communicator to fix it. Five days later Brumleve 
posted Son-of-Cache-Cow [13] (Cache-Calf?). It steals the cache off of 4.07 
in exactly the same way. Netscape has acknow-ledged [14] this one too, 
calling it the Injection Bug. Unlike the earlier acknowledgement [12], this 
one does not mention Brumleve by name. Perhaps they're getting annoyed with 
him.
A more serious security threat affecting Internet Explorer 4.01 was 
discovered by Web developer Juan Carlos Garcia Cuartango. Using the 
Cuartango Hole [15], an attacker can steal any file off your disk for which 
the name and location are known or can be guessed. Here is the discoverer's 
exploit page [16]. Microsoft has confirmed the problem and is working on a 
fix, Wired reports [17], but I couldn't find any mention of Cuartango on 
Microsoft's security site [18].
[10] http://www.shout.net/~nothing/cache-cow/
[11] http://www.shout.net/nothing/view-cache-cow-4.06.cgi
[12] 
http://home.netscape.com/products/security/resources/bugs/brumlevecache.  
html
[13] http://www.shout.net/~nothing/son-of-cache-cow/index.html
[14] http://home.netscape.com/products/security/resources/bugs/injection  
.html
[15] http://www.wired.com/news/news/technology/story/15530.html
[16] http://pages.whowhere.com/computers/cuartangojc/cuartangoh1.html
[17] http://www.wired.com/news/news/technology/story/15459.html
[18] http://www.microsoft.com/security/
    ________________

..Microsoft patches "Cross-Frame" security hole
Fixing a problem before we knew there was one
Eric Scheid forwarded this tidbit from the TidBITS newsletter. In-ternet 
Explorer versions 3.x and 4.x on Windows and Macintosh is susceptible to 
what Microsoft is calling the Cross-Frame Security Bug [19]. In all cases 
the supplied patch works on 4.01 versions of the browser; users of earlier 
versions are advised to upgrade and then to download the patch. The bug 
would allow an attacker to access files on local disks [20]. Under Windows, 
any program that uses the IE HTML engine (such as Quicken and Eudora) would 
also be vulnerable until the IE patch was applied.
[19] http://www.microsoft.com/ie/security/?/ie/security/xframe.htm
[20] http://www.microsoft.com/ie/security/xframe-details.htm
    ________________

..Access to government cookies denied
Received on Wednesday, 14 October 1998 08:05:04 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 19 July 2011 18:13:40 GMT