MDKSA-2000:033

Package name

netscape

Date

2000-08-10

Advisory ID

MDKSA-2000:033

Affected versions

6.1 i586 , 6.0 i586 , 7.0 i586 , 7.1 i586

Problem description

There exists a problem in all versions of Netscape with Java enabled. Under certain conditions, Netscape can be turned into a server that serves files on your local hard drive that Netscape has read access to and remote people can access it by connecting their web client to port 8080 on your machine if they know the IP address. For a demonstration of this vulnerability visit http://www.brumleve.com/BrownOrifice/. Linux-Mandrake recommends you disable Java to make Netscape invulnerable to this exploit. You can disable Java by hand in Edit -> Preferences -> Advanced. You can also remove the preferences.js file by using: rm -f ~/.netscape/preferences.js

Updated packages

6.1 i586

 na 6.1/RPMS/na

6.0 i586

 na 6.0/RPMS/na

7.0 i586

 na 7.0/RPMS/na

7.1 i586

 na 7.1/RPMS/na