Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Safari HTTPS Overflow

from [Braden Thomas] Network Security [Permanent Link]
Subject: Re: Safari HTTPS Overflow
Date: Thu, 28 Apr 2005 19:29:14 -0700
Gilbert –
This appears to be an issue where Safari is calling CFSocketEnableCallBacks on a null CFSocketRef. Not an overflow. An overflow would require a buffer, somewhere, to have overflowed. This is not happening at all. Just because a program crashes when you send it a relatively long string does not define it as an overflow. Look at the crash report:

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x0000000c

Also, did you notify Apple (https://bugreport.apple.com/cgi-bin/WebObjects/RadarWeb.woa) of this bug, or did you just figure they'd hear about it through the grapevine?

Braden Thomas

On Apr 28, 2005, at 2:08 PM, Gilbert Verdian wrote:

Found a bug in the latest Safari that comes with Panther 10.3.9 - Safari 1.3 (v312), previous versions of Panther are also vulnerable.

The problem is with the URI input for HTTPS which causes Safari to crash by inputting a large amount of A's i.e.

https:// AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Did a debug of the crash, but it kept crashing in a spin_lock while reading from the text segment. Will post more details when have more info on it.

Gilbert Verdian
neoresearch.org


[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Safari HTTPS Overflow, David Riley
Next by Date:  Re: [bugtraq] Re: Borland Security Contact, Markus Stenzel
Previous by Thread:  Re: Safari HTTPS Overflow, David Riley
Next by Thread:  NY sues Spyware Intermix, funded by Tiaa-Cref, Paul Laudanski
Indexes:  [Date] [Thread] [Top] [All Lists]