Full Disclosure mailing list archives
Kmail <= 1.9.1 (latest) DOS
From: nnp <version5 () gmail com>
Date: Fri, 6 Oct 2006 16:27:25 +0100
Found this while fuzzing for a different type of vuln. For the life of me I can't do anything useful with this bug, so here it is. I don't have the time to narrow down what causes the crash; if anyone manages to get code execution from it, be a dear and let me know ;)

I am using KDE 3.5.2 and kmail 1.9.1. This bug requires HTML to be enabled (Settings -> Configure Kmail -> Security -> and tick "Prefer HTML to Plain Text").

(email that causes crash)
http://silenthack.co.uk/nnp/exploits/kmail/crashMail

When the mail is viewed it should crash immediately and give you a stack trace similar to:

(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[KCrash handler]
#6  0xffffe410 in __kernel_vsyscall ()
#7  0xb787b9a1 in raise () from /lib/tls/i686/cmov/libc.so.6
#8  0xb787d2b9 in abort () from /lib/tls/i686/cmov/libc.so.6
#9  0xb7757cf9 in kdbgstream::flush () from /usr/lib/libkdecore.so.4
#10 0xb7bf7cda in endl () from /usr/lib/libkmailprivate.so
#11 0xb5be724e in KIO::Scheduler::_scheduleJob () from /usr/lib/libkio.so.4
#12 0xb6cdaa17 in khtml_jpeg_source_mgr::khtml_jpeg_source_mgr () from /usr/lib/libkhtml.so.4
#13 0xb6cdad1a in khtml_jpeg_source_mgr::khtml_jpeg_source_mgr () from /usr/lib/libkhtml.so.4
#14 0xb7117eb9 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#15 0xb7118954 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#16 0xb74ad39e in QTimer::timeout () from /usr/lib/libqt-mt.so.3
#17 0xb713ceb1 in QTimer::event () from /usr/lib/libqt-mt.so.3
#18 0xb70ade56 in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3
#19 0xb70ae052 in QApplication::notify () from /usr/lib/libqt-mt.so.3
#20 0xb77abd7d in KApplication::notify () from /usr/lib/libkdecore.so.4
#21 0xb703f157 in QApplication::sendEvent () from /usr/lib/libqt-mt.so.3
#22 0xb709f843 in QEventLoop::activateTimers () from /usr/lib/libqt-mt.so.3
#23 0xb7052f67 in QEventLoop::processEvents () from /usr/lib/libqt-mt.so.3
#24 0xb70c6947 in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3
#25 0xb70c686a in QEventLoop::exec () from /usr/lib/libqt-mt.so.3
#26 0xb70ac965 in QApplication::exec () from /usr/lib/libqt-mt.so.3
#27 0x0804a04b in ?? ()
#28 0xbfe80938 in ?? ()
#29 0xbfe80b24 in ?? ()
#30 0x00000000 in ?? ()

-- 
http://silenthack.co.uk
http://smashthestack.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
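The first question a fuzzer asks of a trace like the one above is whether the process died from a fault or from a deliberate abort(). Here abort() is reached from kdbgstream::flush(), which is the shape a KDE 3 fatal debug message (kdFatal()) produces on flush; that is consistent with an assertion-style abort rather than memory corruption, which would explain why nothing useful could be done with it (the editor's reading of the trace, not something the post establishes). The triage helper below is an added example, not code from nnp's post, KMail or KDE; the function names are its own, the sample trace is the one from the post, and the short fault trace is constructed to exercise the other branch.

```python
"""Triage helper for gdb/KCrash backtraces (added example, not from the post).

Parses frames of the form "#N 0xADDR in SYMBOL () from LIB" (or "in ?? ()"
when nothing is resolved) and answers the two things a fuzzer wants before
spending time on a crash: did the process abort() on purpose or fault, and
which non-framework library was on the stack when it happened.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

FRAME_RE = re.compile(
    r"#(?P<no>\d+)\s+0x(?P<addr>[0-9a-fA-F]+)\s+in\s+(?P<sym>\S+)\s*\(\)"
    r"(?:\s+from\s+(?P<lib>\S+))?"
)

# Libraries treated as plumbing: libc, Qt's event loop and kdecore's debug
# stream are where the abort is delivered, not where the bug lives.
FRAMEWORK_LIBS = ("libc.so", "libpthread", "libqt-mt", "libkdecore", "ld-linux")


@dataclass
class Frame:
    no: int
    addr: int
    sym: str
    lib: Optional[str]


def parse_backtrace(text: str) -> List[Frame]:
    """Return frames innermost first, as gdb numbers them."""
    frames = [Frame(int(m["no"]), int(m["addr"], 16), m["sym"], m["lib"])
              for m in FRAME_RE.finditer(text)]
    return sorted(frames, key=lambda f: f.no)


def classify(frames: List[Frame]) -> str:
    """'abort' when libc raise()/abort() are on the stack, else 'fault'."""
    syms = {f.sym for f in frames}
    return "abort" if {"raise", "abort"} <= syms else "fault"


def aborting_caller(frames: List[Frame]) -> Optional[Frame]:
    """The frame that called abort(): the one just outside it in stack order."""
    for i, f in enumerate(frames):
        if f.sym == "abort" and i + 1 < len(frames):
            return frames[i + 1]
    return None


def first_component_frame(frames: List[Frame]) -> Optional[Frame]:
    """Innermost frame from a library that is not framework plumbing."""
    for f in frames:
        if f.sym == "??" or f.lib is None:
            continue
        if not any(k in f.lib for k in FRAMEWORK_LIBS):
            return f
    return None


def triage(text: str) -> dict:
    frames = parse_backtrace(text)
    caller = aborting_caller(frames)
    comp = first_component_frame(frames)
    return {
        "kind": classify(frames),
        "frames": len(frames),
        "abort_called_from": f"{caller.sym} ({caller.lib})" if caller else None,
        "component": f"{comp.sym} ({comp.lib})" if comp else None,
        "libs": sorted({f.lib for f in frames if f.lib}),
    }


# Trace copied from the post above (frames #6..#30).
KMAIL_TRACE = """
[KCrash handler]
#6  0xffffe410 in __kernel_vsyscall ()
#7  0xb787b9a1 in raise () from /lib/tls/i686/cmov/libc.so.6
#8  0xb787d2b9 in abort () from /lib/tls/i686/cmov/libc.so.6
#9  0xb7757cf9 in kdbgstream::flush () from /usr/lib/libkdecore.so.4
#10 0xb7bf7cda in endl () from /usr/lib/libkmailprivate.so
#11 0xb5be724e in KIO::Scheduler::_scheduleJob () from /usr/lib/libkio.so.4
#12 0xb6cdaa17 in khtml_jpeg_source_mgr::khtml_jpeg_source_mgr () from /usr/lib/libkhtml.so.4
#13 0xb6cdad1a in khtml_jpeg_source_mgr::khtml_jpeg_source_mgr () from /usr/lib/libkhtml.so.4
#14 0xb7117eb9 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#15 0xb7118954 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#16 0xb74ad39e in QTimer::timeout () from /usr/lib/libqt-mt.so.3
#17 0xb713ceb1 in QTimer::event () from /usr/lib/libqt-mt.so.3
#18 0xb70ade56 in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3
#19 0xb70ae052 in QApplication::notify () from /usr/lib/libqt-mt.so.3
#20 0xb77abd7d in KApplication::notify () from /usr/lib/libkdecore.so.4
#21 0xb703f157 in QApplication::sendEvent () from /usr/lib/libqt-mt.so.3
#22 0xb709f843 in QEventLoop::activateTimers () from /usr/lib/libqt-mt.so.3
#23 0xb7052f67 in QEventLoop::processEvents () from /usr/lib/libqt-mt.so.3
#24 0xb70c6947 in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3
#25 0xb70c686a in QEventLoop::exec () from /usr/lib/libqt-mt.so.3
#26 0xb70ac965 in QApplication::exec () from /usr/lib/libqt-mt.so.3
#27 0x0804a04b in ?? ()
#28 0xbfe80938 in ?? ()
#29 0xbfe80b24 in ?? ()
#30 0x00000000 in ?? ()
"""

# Constructed, not from the post: a plain fault with no raise()/abort() frames.
FAULT_TRACE = """
#0  0xb6c00123 in khtml_jpeg_source_mgr::khtml_jpeg_source_mgr () from /usr/lib/libkhtml.so.4
#1  0xb7117eb9 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
"""

if __name__ == "__main__":
    for name, trace in (("kmail", KMAIL_TRACE), ("constructed fault", FAULT_TRACE)):
        print(name, triage(trace))
```

With no debugging symbols, gdb reports the nearest exported symbol below each address, so names such as endl in libkmailprivate.so may be wrong; the library column is the dependable part of a stripped trace, which is why the helper keys its decisions on that rather than on symbol names.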
Current thread:
- Kmail <= 1.9.1 (latest) DOS nnp (Oct 06)
- Re: Kmail <= 1.9.1 (latest) DOS the.soylent (Oct 08)
- Re: Kmail <= 1.9.1 (latest) DOS SecuriTeam Expert (Oct 09)
- Re: Kmail <= 1.9.1 (latest) DOS nnp (Oct 09)
- Re: Kmail <= 1.9.1 (latest) DOS the.soylent (Oct 09)
- Re: Kmail <= 1.9.1 (latest) DOS nnp (Oct 09)
- Re: Kmail <= 1.9.1 (latest) DOS the.soylent (Oct 10)
- Re: Kmail <= 1.9.1 (latest) DOS nnp (Oct 10)
- Re: Kmail <= 1.9.1 (latest) DOS SecuriTeam Expert (Oct 09)
- Re: Kmail <= 1.9.1 (latest) DOS Valdis . Kletnieks (Oct 10)
- Re: Kmail <= 1.9.1 (latest) DOS the.soylent (Oct 08)