Bug 23608 - Netscape Flash plugin buffer overflow
Status: CLOSED WONTFIX
Product: Red Hat Linux
Classification: Retired
Component: netscape
Version: 7.0
Hardware: All Linux
Priority: high
Severity: medium
Assigned To: Bill Nottingham
QA Contact: David Lawrence
Keywords: Security

Reported: 2001-01-08 14:10 EST by Daniel Roesen
Modified: 2014-03-16 22:17 EDT
Doc Type: Bug Fix
Last Closed: 2001-01-19 17:08:40 EST
Description Daniel Roesen 2001-01-08 14:10:08 EST
All Netscape flash plugins on all platforms contain a trivially exploitable
buffer overflow which allows a hostile website to execute arbitrary code on
the client.

Obvious fix is to completely remove the Flash plugin.

Please don't wait until Macromedia publishes a fixed version and Netscape
publishes a new Navigator with this fixed plugin. Macromedia has proven to
be ignorant on this problem.
Comment 1 Bill Nottingham 2001-01-19 16:56:55 EST
No, obviously we should just remove Netscape. After all, it's vulnerable
to a buffer overflow that's not been fixed.

In any case, it will be shipped but disabled in 4.76-5.
Comment 2 Bill Nottingham 2001-01-19 17:07:07 EST
Actually, the buffer overflow is apparently *not* exploitable, FWIW.
Comment 3 Bill Nottingham 2001-01-19 17:59:03 EST
... so we aren't going to disable it, unless someone has information
on how it's exploitable.
Comment 4 Daniel Roesen 2001-01-20 07:33:42 EST
It is claimed by the vendor that it's not exploitable. As we don't have the
source (nor the time to disassemble) IMHO one should apply "better safe than
sorry".

People once claimed heap malloc() buffers not being maliciously exploitable. The
opposite was shown in the recent past.

Anyway, the flash plugin will be disabled in all my desktop installations
because I don't want to explain to customers why I did ignore the warning, just
because the vendor claimed, that... :-]
Comment 5 David Juran 2002-08-15 15:33:35 EDT
According to http://www.macromedia.com/v1/handlers/index.cfm?ID=23294 and
http://www.macromedia.com/v1/handlers/index.cfm?ID=23293 we this time have a
couple of exploitable overflows )-: Time to reopen the bug?
