Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [DoS] Firefox 3 beta 5 on Ubuntu 7.10 (hangs the OS)

from [K-Gen] Network Security [Permanent Link]
Subject: [Full-disclosure] [DoS] Firefox 3 beta 5 on Ubuntu 7.10 (hangs the OS)
Date: Mon, 21 Apr 2008 21:32:27 +0300 
This is a funny find, it is incredibly simple, yet it managed to hang my
Linux OS completely. I'd love to see this attempted on newer hardware, since
I'm not 100% sure it will hurt higher end systems as badly.

Elaboration:

"I'll be honest, I was very surprised by this find. As a matter of fact,
this was the first time I ever managed to crash Linux completely... Through
a web browser.

The attack is too simple to brag about, just a simple JS that takes up a lot
of memory fast.


<html>
<body>
    <form method = "GET" action = "bla">
        <input name = "vuln" value =
"012345678901234567890123456789012345678901234567890123456789">
    </form>

    <script>
        for (i=0; i<=5000; i++){
            document.forms[0].vuln.value += document.forms[0].vuln.value;
        }
    </script>

</body>
</html>


This algorithm takes M*2^N bytes of memory (where M is the length of the
"vuln" field and N is the number of loop iterations). You would expect the
browser to alert you that this script is going to take a really long time to
execute, but apparently, this doesn't happen.

After one second of this script running, Firefox stopped responding, a few
seconds later I couldn't even launch the Force Quit applet, a few seconds
after that the system reached a screeching halt.

I have a vague idea of how this is possible, but I guess this is related to
the new GTK+ forms in FF 3. I ran this script on Windows in Firefox 2, and
nothing too scary happened. It did take up 1GB of memory in 5 seconds, but
as it appeared, some limit was reached and the page was loaded with nothing
more exciting than blank text field. The same happened with IE 6.

Note however, that the windows machine had twice more RAM and processing
power than the Linux machine, so I'm not sure whether this was a very
"scientific" test. (I should also try installing FF 3 for Windows and see
what happens).

Certainly, I know FF 3 is beta software. However, what really shocked me
here is how easy it was to overload the whole system through a web page.
This certainly isn't "expected behavior"."

Original post: http://own-the.net/news_Firefox-3b5-on-Ubuntu-(DoS)_15.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Security issue in Filezilla 3.0.9.2:passwordsare stored in plain text (sitemanager.xml), Micheal Cottingham
Next by Date:  Re: [Full-disclosure] IRM Security Advisory : RedDot CMS SQL injection vulnerability, n3td3v
Previous by Thread:  [Full-disclosure] IRM Security Advisory : RedDot CMS SQL injection vulnerability, Mark Crowther
Next by Thread:  Re: [Full-disclosure] [DoS] Firefox 3 beta 5 on Ubuntu 7.10 (hangs the OS), Not Shadowgamers
Indexes:  [Date] [Thread] [Top] [All Lists]