Netscape Client vulnerability (Patch available)
------------------------------------------------------------------------

SUMMARY

Netscape is a popular web browser, available in several versions with the FreeBSD ports collection. Versions of Netscape prior to 4.76 allow a client-side exploit through a buffer overflow in html code. A malicious website operator can cause arbitrary code to be executed by the user running the Netscape client.

DETAILS

Vulnerable systems:
Netscape version 4.76

Corrected:
2000-10-29

Impact:
Remote attackers can execute arbitrary code on the local system by convincing users to visit a malicious website. If you have not chosen to install the Netscape port/package, then your system is not vulnerable to this problem.

Workaround:
Uninstall the Netscape port/package, if you have installed it.

Solution:
One of the following:

1) Upgrade your entire ports collection and rebuild the relevant Netscape port.

2) Uninstall the old package and install a new package dated after the correction date, obtained from the following directories:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/

Since there are so many variations of the Netscape ports in the FreeBSD ports collection they are not listed separately here. Localized versions are also available in the respective language subdirectory.

3) Download a new port skeleton for the Netscape port from:

http://www.freebsd.org/ports/

And use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

--
Eko Sulistiono
MIKRODATA & AntiVirus Media
Web: http://www.mikrodata.co.id/
WAP: http://www.mikrodata.co.id/wap/index.wml
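
Added example (not part of the original advisory or of FreeBSD's tooling): a shell function that reads a package listing in pkg_info format ("name-version  comment") and flags Netscape packages older than the fixed version 4.76 named in the advisory. The package names and the name-matching pattern are assumptions, since the advisory does not list the ports, and the sample listing is constructed.

```sh
#!/bin/sh
# Added example: flag Netscape packages older than the fixed release (4.76).
# Input: pkg_info-style lines ("name-version  comment") on stdin.
# Assumption: affected packages have "netscape", "communicator" or
# "navigator" in their name; the advisory does not list the port names.

FIXED_VERSION="4.76"

flag_old_netscape() {
    awk -v fixed="$FIXED_VERSION" '
    {
        pkg = $1
        if (tolower(pkg) !~ /netscape|communicator|navigator/) next
        # The version is whatever follows the last hyphen in the name.
        n = split(pkg, parts, "-")
        ver = parts[n]
        # Keep only a leading "major.minor"; report names without one.
        if (match(ver, /^[0-9]+\.[0-9]+/) == 0) { print "UNKNOWN " pkg; next }
        ver = substr(ver, RSTART, RLENGTH)
        # Netscape numbers releases as decimals (4.7 is 4.70), so compare
        # numerically rather than component by component.
        if (ver + 0 < fixed + 0) print "VULNERABLE " pkg
    }'
}

# Constructed sample listing, not output from a real system.
sample_listing() {
    cat <<'EOF'
bash-2.04            The GNU Bourne Again Shell
communicator-4.75    Netscape Communicator suite (constructed entry)
navigator-4.76       Netscape Navigator browser (constructed entry)
ja-netscape-communicator-4.7  Localized build (constructed entry)
linux-netscape-4.08  Constructed entry with a leading-zero minor version
EOF
}

sample_listing | flag_old_netscape
```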
