Hi,
This attack can now be detected by the following IDS signatures:
http://dev.whitehats.com/cgi/test/new.pl/Show?_id=web-netscape-overflow-unixware
http://dev.whitehats.com/cgi/test/new.pl/Show?_id=outgoing_xterm
http://dev.whitehats.com/cgi/test/new.pl/Show?_id=nops-x86
These signatures are also available as part of
http://dev.whitehats.com/ids/vision.conf
Note that each record includes packet traces from usage of an actual
exploit attempt.
Max Vision
http://whitehats.com/ <- free tools, forums, IDS database
http://maxvision.net/
On Fri, 31 Dec 1999, Brock Tellier wrote:
> OVERVIEW
> A vulnerability in Netscape FastTrack 2.01a will allow any remote user to
> execute commands as the user running the httpd daemon (probably nobody). This
> service is running by default on a standard UnixWare 7.1 installation.
>
> /** uwhelp.c - remote exploit for UnixWare's Netscape FastTrack
> ** 2.01a scohelp http service
> **
