Caldera Systems Security Advisory: Netscape java security bug | Linux Today

Caldera Systems Security Advisory: Netscape java security bug

Written By
Web Webster
Web Webster
Aug 22, 2000

Date: Mon, 21 Aug 2000 16:59:39 -0600
From: Technical Support support@PHOENIX.CALDERASYSTEMS.COM

To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Security Update: Netscape java security bug

– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1


                   Caldera Systems, Inc.  Security Advisory

Subject:                Netscape java security bug
Advisory number:        CSSA-2000-027.1
Issue date:             2000 August, 21
Cross reference:

1. Problem Description

Recently, a problem in netscape’s java libraries was discovered
that allows an applet to act as a web server on your machine,
exposing all files on your system to the world.

An exploit for this vulnerability has been published widely
under the name “Brown Orifice”.

This update also fixes another vulnerability in versions of
communicator previous to 4.74, which is a buffer overrun while
processing JPEG files. This bug could also be exploited by
malicious web servers to obtain access to the user’s machine.

2. Vulnerable Versions

   System                       Package

   OpenLinux Desktop 2.3        All packages previous to
                                communicator-4.75

   OpenLinux eServer 2.3        All packages previous to
   and OpenLinux eBuilder       communicator-4.75

   OpenLinux eDesktop 2.4       All packages previous to
                                communicator-4.75

3. Solution

Workaround:

Disable java in your web browser.

We recommend our users to upgrade to the new packages.

4. OpenLinux Desktop 2.3

4.1 Location of Fixed Packages

The upgrade packages can be found on Caldera’s FTP site at:


ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/

The corresponding source code package can be found at:


ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS

4.2 Verification

28db8959429f5337cdd4388c6e6c5cd3
communicator-4.75-1OL.i386.rpm
46320caa2113e1de3994bf57dafcc3a0 communicator-4.75-1OL.src.rpm

4.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

You will have to install the rh-compat RPM from your
installation CD if it isn’t installed already:

rpm -i Packages/RPMS/rh-compat-2.3-1.i386.rpm

Then, upgrade netscape communicator using

rpm -U –nodeps communicator-4.75-1OL.i386.rpm

5. OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential
3.0

5.1 Location of Fixed Packages

The upgrade packages can be found on Caldera’s FTP site at:


ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/

The corresponding source code package can be found at:


ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS

5.2 Verification

fe4a2001149ada558f96c8fa65e931a2
communicator-4.75-1S.i386.rpm
ce41029a7d6d2e991302748dce7b6727 communicator-4.75-1S.src.rpm

5.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

You will have to install the rh-compat, mailcap and mimetypes
RPMs from your installation CD if they aren’t installed
already:

rpm -i Packages/RPMS/rh-compat-2.3-1.i386.rpm
rpm -i Packages/RPMS/mailcap-1.0-6.i386.rpm
rpm -i Packages/RPMS/mimetypes-1.0-3.i386.rpm

Then, upgrade netscape communicator using

rpm -U –nodeps communicator-4.75-1S.i386.rpm

6. OpenLinux eDesktop 2.4

6.1 Location of Fixed Packages

The upgrade packages can be found on Caldera’s FTP site at:


ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

The corresponding source code package can be found at:


ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS

6.2 Verification

6cfa056059046cd6d7c019fb6e737bac
communicator-4.75-1.i386.rpm
45d7e8bd7aca18b0d743f85eb926cf00 communicator-4.75-1.src.rpm

6.3 Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -F communicator-4.75-1.i386.rpm

7. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/support/security/index.html

This security fix closes Caldera’s internal Problem Report
7346.

8. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any
of the information we provide on this website and/or through our
security advisories. Our advisories are a service to our customers
intended to promote secure installation and use of Caldera
OpenLinux.


- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org 

iD8DBQE5nSUd18sy83A/qfwRAvNmAJ9tEhmHczHNMyCkrwHzDTHC/OZloACdEM3k
caCO45dW9FtgJLE4iQCz3gQ=
=CQ+4
- -----END PGP SIGNATURE-----
Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.