Full Disclosure mailing list archives

Re: Kmail <= 1.9.1 (latest) DOS


From: nnp <version5 () gmail com>
Date: Tue, 10 Oct 2006 23:59:46 +0100

I have narrowed down the bug. Here is the update:

Description:
Kmail can be crashed due to incorrectly parsing certain HTML elements.
In this case the <img> tag is incorrectly parsed if the src attribute
is a malformed file link.
A sample mail can be found here
http://silenthack.co.uk/nnp/exploits/kmail/imgCrash .

On 10/10/06, the.soylent <the.soylent () gmail com> wrote:

nnp wrote:
Have you verified this on any other ubuntu systems besides your own?

Confirmed on 6 other systems, also one kubuntu (with kde) is affected.
all have nvidia, but also some with nvidia are not affected.. strange..
/soylent




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



-- 
http://silenthack.co.uk
