Subject: [NEWS] Brown Orifice, the new multi-platform remote management tool and Trojan
Date: Mon, 7 Aug 2000 18:38:05 +0200

Brown Orifice, the new multi-platform remote management tool and Trojan
--------------------------------------------------------------------------------

SUMMARY

A pair of new capabilities in Java, one residing in the Java core and the other in Netscape's Java distribution, allows the creation of a remote management tool that can be used to compromise a remote system. The first (exploited in BOServerSocket and BOSocket, see below) allows Java to open a local server that can be accessed by arbitrary clients. The second (BOURLConnection and BOURLInputStream, see below) allows Java to access arbitrary URLs, including local files.

As a demonstration, a program called Brown Orifice HTTPD for Netscape Communicator has been created. BOHTTPD is a browser-resident web server and file-sharing tool that demonstrates these two problems in Netscape Communicator. BOHTTPD will serve files from a directory of your choice, and will also act as an HTTP/FTP proxy server.

DETAILS

Exploit:
The Brown Orifice demonstration can be found at:
http://www.brumleve.com/BrownOrifice/

Brown Spy (a client that allows you to connect to the Brown Orifice server) can be found at:
http://www.brumleve.com/BrownOrifice/BOHTTPD_spy.cgi

The source code of Brown Orifice can be found at:
http://www.brumleve.com/BrownOrifice/BOHTTPD_download.cgi

ADDITIONAL INFORMATION

The information has been provided by Dan Brumleve.

========================================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
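
The two capabilities in the SUMMARY are operations a sandbox for untrusted Java code is normally expected to refuse. The following is an added example, not part of the original bulletin or of the Brown Orifice source: it assumes a sandbox that grants only connect-back to the origin host and uses java.security.Permissions to check which operations that grant set implies. The class name, addresses, ports and file path are constructed for illustration.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.LinkedHashMap;
import java.util.Map;

// Added illustration, not Brown Orifice code. Addresses, ports and the file
// path are constructed sample values (documentation IP ranges).
public class SandboxPolicyCheck {

    // Assumed sandbox rule: untrusted code may only connect back to its origin.
    static Permissions sandboxFor(String originHost) {
        Permissions granted = new Permissions();
        granted.add(new SocketPermission(originHost, "connect,resolve"));
        return granted;
    }

    // For each probed operation, report whether the granted set implies it.
    static Map<String, Boolean> audit(Permissions granted, String originHost) {
        Map<String, Permission> probes = new LinkedHashMap<>();
        probes.put("connect back to origin",
                new SocketPermission(originHost + ":80", "connect"));
        // First capability in the bulletin: a local server for arbitrary clients.
        probes.put("listen on local port 8080",
                new SocketPermission("localhost:8080", "listen"));
        probes.put("accept from any client",
                new SocketPermission("*:1024-", "accept"));
        // Second capability: arbitrary URLs, including local files.
        probes.put("connect to third-party host",
                new SocketPermission("198.51.100.7:80", "connect"));
        probes.put("read local file",
                new FilePermission("/etc/hosts", "read"));

        Map<String, Boolean> report = new LinkedHashMap<>();
        probes.forEach((name, perm) -> report.put(name, granted.implies(perm)));
        return report;
    }

    public static void main(String[] args) {
        String origin = "192.0.2.10"; // constructed origin host of the applet
        audit(sandboxFor(origin), origin).forEach((op, allowed) ->
                System.out.printf("%-28s %s%n", op, allowed ? "ALLOWED" : "DENIED"));
    }
}
```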