From: Jason Bowman (jasonb42@mediaone.net)
Date: Thu Aug 02 2001 - 20:50:57 CDT
On Tuesday 31 July 2001 12:40 pm, Dan Harkless wrote:
> Michal Szokolo <msz@kill-spammers.pmp.com.pl> writes:
> > John Percival wrote:
> > > I'm going to try and throw another issue into this discussion now too:
> > > denial of service. We have discussed it for attacking remote servers,
> > > but not for the client viewing the image. It's something else that I
> > > spotted while I was playing around with this issue just now.
> > >
> > > If you have images that include a mailto:me@my.host.somewhere.com
> > > source, then the default handler for mailto: links is opened up. Be
> > > that Outlook, Netscape Composer, Eudora, or whatever else you care to
> > > use.
> > >
> > > So if someone embedded 100 (arbitrary figure) mailto: images in a page,
> > > then this would do a lot of harm to the user's computer. At best, it
> > > would get very busy for a few minutes creating new emails, and would be
> > > a pain to clear up. At worst, it could bring the whole system crashing
> > > down.
> >
> > Netscape 4.77 crashes at about 50 such IMG tags, IF they are different
> > (simply putting mailto:fakeluser@fakedomain 100 times won't work (opens
> > only 2 message windows)), but if you go with some script... instant
> > crash (try it now free of charge at http://msz.pmp.com.pl/boom/ ;-)).
>
> Sorry for the very late reply to this thread, but in case anybody's
> wondering whether the recently-released 4.78 fixes this bug, it does not.
>
> When I visit the page, though (and perhaps on version 4.78 in general), it
> doesn't crash until you click on the close box for one of the Composer
> windows.
>
> I tested on Win2K Pro.
>
I tried your crash page in the Konqueror browser, KDE 2.1.1 in Linux, RH 7.1,
and it did not affect me.
You should try htp://robynin.com/ for a really annoying script... Not
exactly a DOS but still fun : )
Jason B.
PS: Netscape 4 users, beware of the page I referenced. While in IE the page is
annoying, the way Netscape 4 handles the JavaScript can be nasty... similar
to a DOS.
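
A defensive check for the issue discussed in this thread, as an added example that is not part of any poster's message: it scans HTML for IMG tags whose src uses a non-image scheme such as mailto: and counts distinct targets, since the thread notes that only differing addresses pile up handler windows. The allowed-scheme list, the names `ImgSchemeAuditor` and `audit`, and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: schemes an image fetch may legitimately use. Anything else
# (mailto: in this thread) would be passed to an external protocol handler.
ALLOWED_IMG_SCHEMES = {"", "http", "https", "data"}


class ImgSchemeAuditor(HTMLParser):
    """Collects <img> src values whose URL scheme is not an image transport."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.flagged = []  # list of (scheme, url) tuples

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag/attribute names and decodes entities in
        # attribute values, so <IMG SRC="MAILTO&#58;..."> is normalised here.
        if tag != "img":
            return
        for name, value in attrs:
            if name == "src" and value:
                # Drop surrounding whitespace and embedded tab/CR/LF,
                # which browsers ignore when parsing a URL.
                cleaned = "".join(c for c in value.strip() if c not in "\t\r\n")
                scheme = urlsplit(cleaned).scheme.lower()
                if scheme not in ALLOWED_IMG_SCHEMES:
                    self.flagged.append((scheme, cleaned))


def audit(html_text):
    """Return flagged IMG sources and the number of distinct targets."""
    parser = ImgSchemeAuditor()
    parser.feed(html_text)
    parser.close()
    distinct = {url for _, url in parser.flagged}
    return {"flagged": parser.flagged, "distinct": len(distinct)}


# Constructed sample markup (not taken from any page named in the thread).
SAMPLE = """<html><body>
<img src="/images/logo.gif">
<IMG SRC="mailto:user1@example.test">
<img src="mailto:user2@example.test" />
<img src="mailto:user1@example.test">
<img src=" MAILTO&#58;user3@example.test">
<img src="http://example.test/banner.gif">
</body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A mail gateway or HTML sanitizer can use the same test to strip or rewrite such tags before the markup reaches a browser.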