Beware 'Brown Orifice'

Beware 'Brown Orifice'
Kevin Poulsen, SecurityFocus 2000-08-07

The latest in backdoor programs comes in through your web browser.

What ports does Brown orifice use, how can it be detected? 2000-08-08
Sean Boran (2 replies)

What ports does Brown orifice use, how can it be detected? 2000-08-08
morphon (at) yahoo (dot) com [email concealed]

What ports does Brown orifice use, how can it be detected? 2000-08-08
Henri Torgemane <henri_torgemane (at) yahoo (dot) com [email concealed]>

It might be obvious, but just to clarify a bit, Brown Orifice is just a "nice" proof of concept for the 2 bugs.

Should someone decide to write an exploit using only the local filesystem access vulnerability to grab a few well-known critical files, you won't have a listening port to detect and it will be able to go through firewalls and proxies just like a normal web page.

filter java at your proxy level, threaten your users of horrible things if they don't disable java in netscape, or wait for the netscape fix and pray.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/70/2958#2958

Re: Beware 'Brown Orifice' 2000-08-09
Lori Carrig (2 replies)

Re: Beware 'Brown Orifice' 2000-08-09
Bruce

Re: Beware 'Brown Orifice' 2000-08-11
netapi (2 replies)

IP not snatchable from IE? well sorta. 2000-08-11
henri torgemane

Re: Beware 'Brown Orifice' 2000-08-17
Orca_sniff