Operating System:

[RedHat]

Published:

19 August 2004

Protect yourself against future threats.

//Service

Sensitive Information Alert

Alert notification provided via email for sensitive material found online by our analyst team which specifically targets your organisation.

Read more
Resources > Security Bulletins > ESB-2004.0524 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                     ESB-2004.0524 -- RHSA-2004:429-01
                   Netscape 4.8 contains security flaws
                              19 August 2004

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:                Netscape Navigator and Communicator 4.8
Publisher:              Red Hat
Operating System:       Red Hat Enterprise Linux AS/ES/WS 2.1
Impact:                 Execute Arbitrary Code/Commands
Access:                 Remote/Unauthenticated
CVE Names:              CAN-2004-0597 CAN-2004-0598 CAN-2004-0599

Ref:                    ESB-2004.0361

- - --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Netscape 4.8 contains security flaws
Advisory ID:       RHSA-2004:429-01
Issue date:        2004-08-18
Updated on:        2004-08-18
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-0597 CAN-2004-0598 CAN-2004-0599
- - ---------------------------------------------------------------------

1. Summary:

Netscape Navigator and Netscape Communicator 4.8 as distributed with Red
Hat Enterprise Linux 2.1 contain security flaws and should not be used.

2. Problem description:

Netscape Navigator and Netscape Communicator have been removed from the Red
Hat Enterprise Linux 2.1 CD-ROM distribution as part of Update 5. These
packages were based on Netscape 4.8, which is known to be vulnerable to
recent critical security issues, such as CAN-2004-0597, CAN-2004-0598, and
CAN-2004-0599. 

Netscape 7.2 contains fixes for these issues and is available from
http://www.netscape.com/.  Netscape 4.8 packages will also remain available
via Red Hat Network for those who choose to use them despite their known
security vulnerabilities.
                               
Users of Netscape 4.8 are advised to switch to Mozilla, which is included
and supported in Red Hat Enterprise Linux 2.1, and offers comparable
functionality.

3. Solution:

Red Hat Enterprise 2.1 users who do not need the functionality of Netscape 
4.8 should uninstall the netscape packages.

4. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0599

5. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact.html

Copyright 2004 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBI3hCXlSAg2UNWIIRAiL5AKCUnrKuVqngBE/e0EFiALh6bgNOFQCcDYan
Su5PyPkP0gtCB+wT2whAFMw=
=uMrU
- -----END PGP SIGNATURE-----

- - --------------------------END INCLUDED TEXT--------------------
AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQSP/kih9+71yA2DNAQLLTwP/SRsdrpxX1747S7AFd6rWjPEfHZph1uZ0
R0rbzY01Nb9fhgzTa1a4a2H2fPky6LdyHJn/QjFrvuLD9OLdA+sAgJvGjlQhabxC
PZspykjcLiejuGtyY5/WxzUvh/F1PidqtdPclHSvR0LPzveFFTqjDwCxFr04SKLr
wk2IQt9E7jg=
=TVyM
-----END PGP SIGNATURE-----