Security hole in Netscape Communicator's 4.5

    Date07 Dec 1999
    CategorySuSE
    4138
    Posted ByLinuxSecurity Advisories
    The Netscape Communicator 4.5 comes with "talkback", a quality enhancement tool by Fullcircle (www.fullcircle.com). If the communicator crashs for any reason, the file with the name /tmp/.$UID.talkback is read in, and the pid in this file is killed. After that, the file is truncated/created without checks for {sym|hard}links and the pid of the current talkback process is written into the file.
    
    ______________________________________________________________________________
    
                            SuSE Security Announcement
    
            Package:  netscape-4.5-9
            Date:     Thu Mar 18 10:22:11 CET 1999
            Affected: unix operating systems using netscape communicator 4.5
    
    ______________________________________________________________________________
    
    A security hole was discovered in the package mentioned above.
    Please update as soon as possible or disable the service if you are using
    this software on your SuSE Linux installation(s).
    
    Other Linux distributions or operating systems might be affected as
    well, please contact your vendor for information about this issue.
    
    Please note, that that we provide this information on as "as-is" basis only.
    There is no warranty whatsoever and no liability for any direct, indirect or
    incidental damage arising from this information or the installation of
    the update package.
    
    ______________________________________________________________________________
    
    1. Problem Description
    
        The Netscape Communicator 4.5 comes with "talkback", a quality
        enhancement tool by Fullcircle (www.fullcircle.com).
        If the communicator crashs for any reason, the file with the
        name
    	/tmp/.$UID.talkback
        is read in, and the pid in this file is killed.
        After that, the file is truncated/created without checks for
        {sym|hard}links and the pid of the current talkback process is
        written into the file.
    
    2. Impact
    
        Anyone on the system can kill a process of users if their communicator
        crashs.
        Anyone on the system can overwrite/create any file an attacked users#
        has write access to.
        We didn't check if there's a buffer overflow possible when the talkback
        application reads in the file.
    
    3. Solution
    
        Disable talkback. You may do this my executing the following commands
        (your path to netscape may differ):
    
            /bin/mv /opt/netscape/talkback /opt/netscape/talkback.disable
    	/bin/chmod -R 600 /opt/netscape/talkback
    
        Netscape responded to this vulnerability that the current version
        does not install the talkback application. You may install the new
        version 4.51 from Netscape which also fixes some other security
        vulnerabilities. However, if you update from a 4.5 installation, ensure
        that you execute the lines above.
    
    ______________________________________________________________________________
    
    SuSE has got two free security mailing list services to which any
    interested party may subscribe:
    
    This email address is being protected from spambots. You need JavaScript enabled to view it.          - unmoderated and for general/linux/SuSE
                                      security discussions. All SuSE security
                                      announcements are send to this list.
    
    This email address is being protected from spambots. You need JavaScript enabled to view it. - SuSE's announce-only mailing list.
                                      Only SuSE's security annoucements are sent
                                      to this list.
    
    To subscribe, send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. with the text
    
            subscribe suse-security
    or
            subscribe suse-security-announce
    
    in the body of the message. Or just issue a
    
            echo subscribe suse-security | mail This email address is being protected from spambots. You need JavaScript enabled to view it.
    or
            echo subscribe suse-security-announce | mail This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    ______________________________________________________________________________
    
    If you want to report *NEW* security bugs in the SuSE Linux Distribution
    please send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. or call our support line.
    You may use pgp with the public key below to ensure confidentiality.
    ______________________________________________________________________________
    
      This information is provided freely to everyone interested and may
      be redistributed provided that it is not altered in any way.
    
    Type Bits/KeyID    Date       User ID
    pub  2048/3D25D3D9 1999/03/06 SuSE Security Team 
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.