Bug 23608 - Netscape Flash plugin buffer overflow
Summary: Netscape Flash plugin buffer overflow
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: netscape   
Version: 7.0
Hardware: All Linux
high
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: David Lawrence
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
 
Reported: 2001-01-08 19:10 UTC by Daniel Roesen
Modified: 2014-03-17 02:17 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-01-19 22:08:40 UTC

Description Daniel Roesen 2001-01-08 19:10:08 UTC
All Netscape flash plugins on all platforms contain a trivially exploitable
buffer overflow which allows a hostile website to execute arbitrary code on
the client.

Obvious fix is to completely remove the Flash plugin.

Please don't wait until Macromedia publishes a fixed version and Netscape
publishes a new Navigator with this fixed plugin. Macromedia has proven to
be ignorant on this problem.

Comment 1 Bill Nottingham 2001-01-19 21:56:55 UTC
No, obviously we should just remove Netscape. After all, it's vulnerable
to a buffer overflow that's not been fixed.

In any case, it will be shipped but disabled in 4.76-5.

Comment 2 Bill Nottingham 2001-01-19 22:07:07 UTC
Actually, the buffer overflow is apparently *not* exploitable, FWIW.


Comment 3 Bill Nottingham 2001-01-19 22:59:03 UTC
... so we aren't going to disable it, unless someone has information
on how it's exploitable.

Comment 4 Daniel Roesen 2001-01-20 12:33:42 UTC
It is claimed by the vendor that it's not exploitable. As we don't have the
source (nor the time to disassemble) IMHO one should apply "better safe than
sorry".

People once claimed heap malloc() buffers not being maliciously exploitable. The
opposite was shown in the recent past.

Anyway, the flash plugin will be disabled in all my desktop installations
because I don't want to explain to customers why I did ignore the warning, just
because the vendor claimed, that... :-]

Comment 5 David Juran 2002-08-15 19:33:35 UTC
According to http://www.macromedia.com/v1/handlers/index.cfm?ID=23294 and
http://www.macromedia.com/v1/handlers/index.cfm?ID=23293 we this time have a
couple of exploitable overflows )-: Time to reopen the bug?

