Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Opera 8.50 DoS with simple java applet

from [Edward D Wiget] Network Security [Permanent Link]
Subject: Re: Opera 8.50 DoS with simple java applet
Date: Wed, 30 Nov 2005 16:06:16 -0500 
On Tuesday 29 November 2005 06:31 pm, Marc Schoenefeld wrote:

Hi y'all,

it is possible to crash the opera 8.50 browser with a simple
java applet (see below).
This was observed on Win32, Linux versions maybe affected, too.


verified on gentoo linux, opera 8.50 and here is the results:

An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : 11 occurred at PC=0x8181375
Function=(null)+0x8181375
Library=/opt/opera/lib/opera/8.50-20050916.5/opera

NOTE: We are unable to locate the function name symbol for the error
      just occurred. Please refer to release documentation for possible
      reason and solutions.


Current Java thread:

Dynamic libraries:
08048000-086a8000 r-xp 00000000 03:03 
101814     /opt/opera/lib/opera/8.50-20050916.5/opera
086a8000-086fc000 rwxp 00660000 03:03 
101814     /opt/opera/lib/opera/8.50-20050916.5/opera
086fc000-09021000 rwxp 086fc000 00:00 0          [heap]
a9f3b000-a9fd8000 r-xp 00000000 03:03 
492962     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/libfontmanager.so
a9fd8000-a9fea000 rwxp 0009d000 03:03 
492962     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/libfontmanager.so
a9fee000-aa0aa000 r-xs 00000000 03:03 
492912     /opt/blackdown-jdk-1.4.2.02/jre/lib/ext/localedata.jar
b43bf000-b495f000 r-xs 00000000 03:03 
492914     /opt/blackdown-jdk-1.4.2.02/jre/lib/charsets.jar
b495f000-b4970000 r-xs 00000000 03:03 
492884     /opt/blackdown-jdk-1.4.2.02/jre/lib/jce.jar
b4970000-b4a4d000 r-xs 00000000 03:03 
492867     /opt/blackdown-jdk-1.4.2.02/jre/lib/jsse.jar
b4a4d000-b4a63000 r-xs 00000000 03:03 
492924     /opt/blackdown-jdk-1.4.2.02/jre/lib/sunrsasign.jar
b4aad000-b6459000 r-xs 00000000 03:03 
493045     /opt/blackdown-jdk-1.4.2.02/jre/lib/rt.jar
b6459000-b645d000 r-xp 00000000 03:03 1211527    /lib/libnss_dns-2.3.5.so
b645d000-b645f000 rwxp 00003000 03:03 1211527    /lib/libnss_dns-2.3.5.so
b6465000-b6473000 r-xs 00000000 03:03 
492889     /opt/blackdown-jdk-1.4.2.02/jre/lib/ext/ldapsec.jar
b6473000-b648f000 r-xs 00000000 03:03 
492887     /opt/blackdown-jdk-1.4.2.02/jre/lib/ext/sunjce_provider.jar
b648f000-b6492000 r-xs 00000000 03:03 
492886     /opt/blackdown-jdk-1.4.2.02/jre/lib/ext/dnsns.jar
b6613000-b67f5000 r-xs 00000000 03:03 
492888     /opt/blackdown-jdk-1.4.2.02/jre/lib/plugin.jar
b67f5000-b6806000 r-xs 00000000 03:03 
310987     /opt/opera/share/opera/java/opera.jar
b6806000-b6817000 r-xp 00000000 03:03 
492948     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/libzip.so
b6817000-b6819000 rwxp 00011000 03:03 
492948     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/libzip.so
b6819000-b6821000 r-xp 00000000 03:03 
492953     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/native_threads/libhpi.so
b6821000-b6822000 rwxp 00007000 03:03 
492953     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/native_threads/libhpi.so
b6857000-b6866000 r-xp 00000000 03:03 
492951     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/libnet.so
b6866000-b6867000 rwxp 0000e000 03:03 
492951     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/libnet.so
b6867000-b6877000 r-xp 00000000 03:03 
821509     /usr/share/fonts/TTF/VeraIt.ttf
b6877000-b6886000 r-xp 00000000 03:03 
821514     /usr/share/fonts/TTF/VeraSe.ttf
b6886000-b688e000 r-xp 00000000 03:03 1211529    /lib/libnss_files-2.3.5.so
b688e000-b6890000 rwxp 00007000 03:03 1211529    /lib/libnss_files-2.3.5.so
b6890000-b6898000 r-xp 00000000 03:03 1211537    /lib/libnss_nis-2.3.5.so
b6898000-b689a000 rwxp 00007000 03:03 1211537    /lib/libnss_nis-2.3.5.so
b689a000-b68a1000 r-xp 00000000 03:03 1211539    /lib/libnss_compat-2.3.5.so
b68a1000-b68a3000 rwxp 00006000 03:03 1211539    /lib/libnss_compat-2.3.5.so
b68a4000-b68a8000 rwxs 00000000 03:03 3222908    /tmp/hsperfdata_ewiget/27992
b68a8000-b68b7000 r-xp 00000000 03:03 1211526    /lib/libresolv-2.3.5.so
b68b7000-b68b9000 rwxp 0000e000 03:03 1211526    /lib/libresolv-2.3.5.so
b68bb000-b68ca000 r-xp 00000000 03:03 
821508     /usr/share/fonts/TTF/VeraBd.ttf
b68ca000-b68d3000 r-xp 00000000 03:03 
999499     /usr/lib/X11/locale/lib/common/xomGeneric.so.2
b68d3000-b68d4000 rwxp 00008000 03:03 
999499     /usr/lib/X11/locale/lib/common/xomGeneric.so.2
b6b46000-b6b57000 r-xp 00000000 03:03 821506     /usr/share/fonts/TTF/Vera.ttf
b6b58000-b6b83000 r-xp 00000000 03:03 
3026163    /usr/kde/3.4/lib/libkdefx.so.4.2.0
b6b83000-b6b84000 rwxp 0002a000 03:03 
3026163    /usr/kde/3.4/lib/libkdefx.so.4.2.0
b6b85000-b6b8a000 r-xp 00000000 03:03 3156640    /lib/libgpm.so.1.19.0
b6b8a000-b6b8b000 rwxp 00004000 03:03 3156640    /lib/libgpm.so.1.19.0
b6b8b000-b6c1f000 r-xp 00000000 03:03 3287607    /usr/lib/libaspell.so.15.0.3
b6c1f000-b6c23000 rwxp 00093000 03:03 3287607    /usr/lib/libaspell.so.15.0.3
b6c26000-b6c45000 r-xp 00000000 03:03 
3026435    /usr/kde/3.4/lib/kde3/plugins/styles/plastik.so
b6c45000-b6c46000 rwxp 0001e000 03:03 
3026435    /usr/kde/3.4/lib/kde3/plugins/styles/plastik.so
b6c4b000-b6c4c000 r-xp 00000000 03:03 
65448      /opt/opera/lib/opera/8.50-20050916.5/missingsyms.so
b6c4c000-b6c4d000 rwxp 00000000 03:03 
65448      /opt/opera/lib/opera/8.50-20050916.5/missingsyms.so
b6c4e000-b6c6c000 r-xp 00000000 03:03 2913494    /usr/lib/libexpat.so.0.5.0
b6c6c000-b6c6e000 rwxp 0001d000 03:03 2913494    /usr/lib/libexpat.so.0.5.0
b6c6e000-b6c96000 r-xp 00000000 03:03 212641     /usr/lib/liblcms.so.1.0.13
b6c96000-b6c98000 rwxp 00028000 03:03 212641     /usr/lib/liblcms.so.1.0.13
b6c9a000-b6cab000 r-xp 00000000 03:03 
492935     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/libverify.so
b6cab000-b6cac000 rwxp 00011000 03:03 
492935     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/libverify.so
b6cad000-b6ccf000 r-xp 00000000 03:03 
3123403    /usr/lib/libfontconfig.so.1.0.4
b6ccf000-b6cd2000 rwxp 00022000 03:03 
3123403    /usr/lib/libfontconfig.so.1.0.4
b6cd3000-b6d3b000 r-xp 00000000 03:03 3435432    /usr/lib/libfreetype.so.6.3.7
b6d3b000-b6d42000 rwxp 00068000 03:03 3435432    /usr/lib/libfreetype.so.6.3.7
b6d42000-b6d53000 r-xp 00000000 03:03 905696     /usr/lib/libXft.so.2.1.2
b6d53000-b6d54000 rwxp 00011000 03:03 905696     /usr/lib/libXft.so.2.1.2
b6d54000-b6d5c000 r-xp 00000000 03:03 905738     /usr/lib/libXcursor.so.1.0.2
b6d5c000-b6d5d000 rwxp 00007000 03:03 905738     /usr/lib/libXcursor.so.1.0.2
b6d5e000-b6d60000 r-xp 00000000 03:03 905618     /usr/lib/libXrandr.so.2.0
b6d60000-b6d61000 rwxp 00002000 03:03 905618     /usr/lib/libXrandr.so.2.0
b6d61000-b6d68000 r-xp 00000000 03:03 905710     /usr/lib/libXrender.so.1.2.2
b6d68000-b6d69000 rwxp 00006000 03:03 905710     /usr/lib/libXrender.so.1.2.2
b6d69000-b6d70000 r-xp 00000000 03:03 905699     /usr/lib/libXi.so.6.0
b6d70000-b6d71000 rwxp 00006000 03:03 905699     /usr/lib/libXi.so.6.0
b6d71000-b6da1000 r-xp 00000000 03:03 16663      /usr/lib/libpng.so.3.1.2.8
b6da1000-b6da2000 rwxp 0002f000 03:03 16663      /usr/lib/libpng.so.3.1.2.8
b6da2000-b6dbe000 r-xp 00000000 03:03 2830313    /usr/lib/libjpeg.so.62.0.0
b6dbe000-b6dbf000 rwxp 0001b000 03:03 2830313    /usr/lib/libjpeg.so.62.0.0
b6dbf000-b6e18000 r-xp 00000000 03:03 3029511    /usr/lib/libmng.so.1.0.0
b6e18000-b6e1b000 rwxp 00058000 03:03 3029511    /usr/lib/libmng.so.1.0.0
b6e1c000-b6e3b000 r-xp 00000000 03:03 
492930     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/libjava.so
b6e3b000-b6e3c000 rwxp 0001f000 03:03 
492930     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/libjava.so
b6e3c000-b6e40000 r-xp 00000000 03:03 905586     /usr/lib/libXtst.so.6.1
b6e40000-b6e41000 rwxp 00003000 03:03 905586     /usr/lib/libXtst.so.6.1
b6e41000-b6e4e000 r-xp 00000000 03:03 905726     /usr/lib/libXext.so.6.4
b6e4e000-b6e4f000 rwxp 0000c000 03:03 905726     /usr/lib/libXext.so.6.4
b6e4f000-b6e63000 r-xp 00000000 03:03 905706     /usr/lib/libICE.so.6.3
b6e63000-b6e64000 rwxp 00014000 03:03 905706     /usr/lib/libICE.so.6.3
b6e66000-b6e6e000 r-xp 00000000 03:03 905665     /usr/lib/libSM.so.6.0
b6e6e000-b6e6f000 rwxp 00007000 03:03 905665     /usr/lib/libSM.so.6.0
b6e70000-b6ebb000 r-xp 00000000 03:03 905590     /usr/lib/libXt.so.6.0
b6ebb000-b6ebe000 rwxp 0004b000 03:03 905590     /usr/lib/libXt.so.6.0
b6ebf000-b6ec6000 r-xp 00000000 03:03 905614     /usr/lib/libXp.so.6.2
b6ec6000-b6ec7000 rwxp 00006000 03:03 905614     /usr/lib/libXp.so.6.2
b6ec7000-b70b9000 r-xp 00000000 03:03 
492944     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/libXm.so.3
b70b9000-b70d3000 rwxp 001f1000 03:03 
492944     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/libXm.so.3
b70d4000-b713a000 r-xp 00000000 03:03 
492937     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/libmlib_image.so
b713a000-b713b000 rwxp 00066000 03:03 
492937     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/libmlib_image.so
b713b000-b714c000 r-xp 00000000 03:03 1211536    /lib/libnsl-2.3.5.so
b714c000-b714e000 rwxp 00010000 03:03 1211536    /lib/libnsl-2.3.5.so
b7151000-b725a000 r-xp 00000000 03:03 1211562    /lib/libc-2.3.5.so
b725a000-b725b000 ---p 00109000 03:03 1211562    /lib/libc-2.3.5.so
b725b000-b725c000 r-xp 00109000 03:03 1211562    /lib/libc-2.3.5.so
b725c000-b725f000 rwxp 0010a000 03:03 1211562    /lib/libc-2.3.5.so
b7261000-b7268000 r-xp 00000000 03:03 
71489      /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/libgcc_s.so.1
b7268000-b7269000 rwxp 00007000 03:03 
71489      /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/libgcc_s.so.1
b7269000-b7289000 r-xp 00000000 03:03 1211518    /lib/libm-2.3.5.so
b7289000-b728b000 rwxp 0001f000 03:03 1211518    /lib/libm-2.3.5.so
b728b000-b7336000 r-xp 00000000 03:03 
2967821    /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/libstdc++.so.5.0.7
b7336000-b733b000 rwxp 000aa000 03:03 
2967821    /usr/lib/gcc-lib/i686-pc-linux-gnu/3.3.6/libstdc++.so.5.0.7
b7340000-b7342000 r-xp 00000000 03:03 1211520    /lib/libdl-2.3.5.so
b7342000-b7344000 rwxp 00001000 03:03 1211520    /lib/libdl-2.3.5.so
b7344000-b7354000 r-xp 00000000 03:03 17158      /lib/libz.so.1.2.3
b7354000-b7355000 rwxp 0000f000 03:03 17158      /lib/libz.so.1.2.3
b7356000-b7418000 r-xp 00000000 03:03 905578     /usr/lib/libX11.so.6.2
b7418000-b741c000 rwxp 000c2000 03:03 905578     /usr/lib/libX11.so.6.2
b741c000-b7a8b000 r-xp 00000000 03:03 
1228548    /usr/qt/3/lib/libqt-mt.so.3.3.4
b7a8b000-b7acb000 rwxp 0066f000 03:03 
1228548    /usr/qt/3/lib/libqt-mt.so.3.3.4
b7acf000-b7add000 r-xp 00000000 03:03 1211563    /lib/libpthread-0.10.so
b7add000-b7ade000 r-xp 0000d000 03:03 1211563    /lib/libpthread-0.10.so
b7ade000-b7adf000 rwxp 0000e000 03:03 1211563    /lib/libpthread-0.10.so
b7b23000-b7b28000 r-xp 00000000 03:03 
65446      /opt/opera/lib/opera/8.50-20050916.5/spellcheck.so
b7b28000-b7b29000 rwxp 00004000 03:03 
65446      /opt/opera/lib/opera/8.50-20050916.5/spellcheck.so
b7b29000-b7b43000 r-xp 00000000 03:03 
999498     /usr/lib/X11/locale/lib/common/ximcp.so.2
b7b43000-b7b45000 rwxp 00019000 03:03 
999498     /usr/lib/X11/locale/lib/common/ximcp.so.2
b7b45000-b7b47000 r-xp 00000000 03:03 
999495     /usr/lib/X11/locale/lib/common/xlcDef.so.2
b7b47000-b7b48000 rwxp 00001000 03:03 
999495     /usr/lib/X11/locale/lib/common/xlcDef.so.2
b7b48000-b7c29000 r-xp 00000000 03:03 
492952     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/libawt.so
b7c29000-b7c32000 rwxp 000e0000 03:03 
492952     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/libawt.so
b7c56000-b7f17000 r-xp 00000000 03:03 
492939     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/client/libjvm.so
b7f17000-b7f32000 rwxp 002c0000 03:03 
492939     /opt/blackdown-jdk-1.4.2.02/jre/lib/i386/client/libjvm.so
b7f4a000-b7f5f000 r-xp 00000000 03:03 1211541    /lib/ld-2.3.5.so
b7f5f000-b7f60000 r-xp 00014000 03:03 1211541    /lib/ld-2.3.5.so
b7f60000-b7f61000 rwxp 00015000 03:03 1211541    /lib/ld-2.3.5.so
bfe48000-bfe5f000 rwxp bfe48000 00:00 0          [stack]
ffffe000-fffff000 ---p 00000000 00:00 0          [vdso]

Heap at VM Abort:
Heap
 def new generation   total 576K, used 2K [0xaa3b0000, 0xaa450000, 0xaa890000)
  eden space 512K,   0% used [0xaa3b0000, 0xaa3b0bd0, 0xaa430000)
  from space 64K,   0% used [0xaa430000, 0xaa430000, 0xaa440000)
  to   space 64K,   0% used [0xaa440000, 0xaa440000, 0xaa450000)
 tenured generation   total 6516K, used 4686K [0xaa890000, 0xaaeed000, 
0xae3b0000)
   the space 6516K,  71% used [0xaa890000, 0xaad23b80, 0xaad23c00, 0xaaeed000)
 compacting perm gen  total 4096K, used 3097K [0xae3b0000, 0xae7b0000, 
0xb23b0000)
   the space 4096K,  75% used [0xae3b0000, 0xae6b6400, 0xae6b6400, 0xae7b0000)

Local Time = Wed Nov 30 16:03:49 2005
Elapsed Time = 11
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot(TM) Client VM (Blackdown-1.4.2-02 mixed mode)
#
# An error report file has been saved as hs_err_pid27992.log.
# Please refer to the file for further information.
#
Aborted


-- 
Edward D Wiget
RHP Studios
"Keeping Your Data Safe!"
http://www.rhpstudios.com
606-407-1838

Attachment: pgpkMeWHlH48I.pgp
Description: PGP signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  MDKSA-2005:218 - Updated kernel packages fix numerous vulnerabilities, Mandriva Security Team
Next by Date:  MDKSA-2005:217 - Updated netpbm packages fix pnmtopng vulnerabilities, Mandriva Security Team
Previous by Thread:  Opera 8.50 DoS with simple java applet, Marc Schoenefeld
Next by Thread:  MDKSA-2005:219 - Updated kernel packages fix numerous vulnerabilities, Mandriva Security Team
Indexes:  [Date] [Thread] [Top] [All Lists]