Fwd: Re: Netscape Bugs

Author: Przemysław Pawełczyk (warpman_at_friko5.onet.pl)
Date: Wed 05 Aug 1998 - 09:55:17 MET DST


Hi,

A bucket of cold water for everyone.

Warpman

==================BEGIN FORWARDED MESSAGE==================

> Is this journalistic hype, yet another variant on the word virus
> problem or something we should be aware of? I know OS/2 (and Linux) is
> less vulnerable than windross to attack but is this fault (if it
> exists) still in the new OS/2 Netscape 4?

The flaw is not checking for an excessively long file name for an email
attachment. A trojan message can overflow a buffer, and by carefully
crafting the text of the long name to be executable code, arbitrary
code can be executed on the receiving PC. Most of the security breaches
in any OS seem to depend on some sort of buffer overflow trick like
this. IBM's download page said that the OS/2 Netscape beta does have
this vulnerability, but it will be fixed in the release version.
===================END FORWARDED MESSAGE===================

============================= OS/2 WARP 4ever
Przemysław Pawełczyk (Warpman) Freelance journalist
Os. Centrum B 1/89 Phone +48 12 642-13-00
31-926 Kraków warpman_at_friko5.onet.pl
Poland http://friko5.onet.pl/kr/warpman/
=============================================
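
An added example, not part of the original message and not Netscape's code: the length check the forwarded reply says was missing, applied to an attachment `filename` parameter copied into a fixed-size buffer. The header layout, the function name `extract_attachment_name` and the 64-byte `NAME_BUF` limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 64  /* constructed buffer size for this example */

/* Unsafe pattern the message describes (kept as a comment only):
 *     char name[NAME_BUF];
 *     strcpy(name, value_from_message);   length is never checked
 */

/* Copy the quoted filename="..." parameter of a header line into out.
 * Returns 0 on success, -1 if the parameter is missing, unterminated,
 * empty, or too long for out (terminating NUL included). */
int extract_attachment_name(const char *header, char *out, size_t outsz)
{
    static const char key[] = "filename=\"";
    const char *start, *end;
    size_t len;

    if (header == NULL || out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';                       /* never leave stale data behind */
    start = strstr(header, key);
    if (start == NULL)
        return -1;
    start += sizeof(key) - 1;            /* first byte of the name */
    end = strchr(start, '"');
    if (end == NULL)
        return -1;                       /* unterminated quoted string */
    len = (size_t)(end - start);
    if (len == 0 || len >= outsz)
        return -1;                       /* reject instead of overflowing */
    memcpy(out, start, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed inputs: one ordinary header, one with a 300-byte name. */
    char name[NAME_BUF], hostile[400] = "Content-Disposition: attachment; filename=\"";
    size_t n = strlen(hostile);
    memset(hostile + n, 'A', 300);
    hostile[n + 300] = '"';
    printf("ordinary: %d\n", extract_attachment_name(
        "Content-Disposition: attachment; filename=\"report.txt\"", name, sizeof name));
    printf("overlong: %d\n", extract_attachment_name(hostile, name, sizeof name));
    return 0;
}
```

The overlong name is rejected outright rather than truncated, so the caller can refuse or quarantine the message instead of acting on a partial name.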



This archive was generated by hypermail 2.1.7 : Tue 18 May 2004 - 15:18:02 MET DST