| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 11 Dec 2003 03:53:02 -0000
From: Walt Smith <walt@...tiva.com>
To: bugtraq@...urityfocus.com
Subject: A .NET class bug that can hang a machine instantly
I posted the following information to a couple of Microsoft news groups in the last couple of days with no response, so I thought I would post it here perhaps to encourage the examination of this .NET class, which I believe is vulnerable to exploits because of quality problems in the code. I believe the following bug could easily be used in an exploit to crash any Windows machine that is running .NET 1.1 in Windows XP. The bug is basically a flaw in the XMLTextReader class of .NET that locks the machine up so badly that it can only be shutdown with the power switch. I do not have an ASP.NET environment in which to test it, so I would be interested to know if it has any effect there that is similar to C# .NET. The bug can be reproduced in the following manner using the Visual Studio 7 .NET C# compiler:
1) Create a simple C# Windows Application Project and add a form
to it. Add System.XML to the namespaces of the project.
2) Add a ListBox control to the form. (name it lbUsers for this code)
3) Add the following code to the OnLoad event of the form:
protected override void OnLoad(EventArgs e)
{
XmlTextReader xmlConfigFile;
string filename = Application.StartupPath
+ "\\test.vtx";
xmlConfigFile = new XmlTextReader(filename);
while(xmlConfigFile.Read())
{
if(xmlConfigFile.NodeType == XmlNodeType.Element)
{
if(xmlConfigFile.Name == "User")
{
if(xmlConfigFile.HasAttributes)
{
while(xmlConfigFile.MoveToNextAttribute())
{
if(xmlConfigFile.Name == "Name")
lbUsers.Items.Add
(xmlConfigFile.Value);
}
}
}
}
}
lbUsers.Refresh();
base.OnLoad (e);
}
4) Place the following XML File in the application
directory for the project (the /debug directory). Name
the file test.vtx
<?xml version="1.0" encoding="UTF-8" ?>
<ConfigData>
<UserInfo>
<Users>
<User Name="AUDREY">
</User>
<User Name="WESLEY">
</User>
<User Name="DADDY">
</User>
</Users>
</UserInfo>
</ConfigData>
5) DO NOT PLACE any breakpoints in the code.
6) Use the F5 key (Debug/Run) to execute the code.
Result: The machine will hang. The only choice is the
power switch. CTRL-ALT-DEL is ineffective.
Other information:
a) If you execute this code from a Button.Click event on
the form, IT WORKS JUST FINE.
b) If you comment out all of the code inside the while
loop in the function, the machine will still hang.
c) If you move the base class OnLoad above the while
loop, the code will still hang.
d) If you put this code in the OnActivate function of the
form, the code will still hang.
Powered by blists - more mailing lists