Netscape issues fix to Web server bug
Netscape and a security software maker offer a fix for a bug that could allow hackers to gain access to Netscape Web servers.
Using a method called "buffer overflow," a hacker can send a server a Web address with more characters than the machine can handle, which causes it to grant access to the attacker that it normally would not.
"A [malicious] hacker could do whatever he wants to the server. He can launch a virus or open an account without a password," said Christopher Rouland, director of Internet Security Systems' X-Force, a research and development team of security experts that maintains a database of hacking exploits and techniques.
The bug affects Netscape Enterprise and FastTrack servers, according to ISS, a provider of network security software based in Atlanta. Businesses use Netscape Enterprise and FastTrack servers to build and manage intranet and extranet networks.
An experienced attacker can force the machine to process any program code that is sent. ISS has demonstrated that it is possible to use this vulnerability to give an attacker full control of a machine.
ISS and Netscape have posted a fix for the bug, which can be found on Netscape's iPlanet security site.