lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 10 Feb 2009 09:47:49 +0600 (NOVT)
From: "Dmitry Yu. Bolkhovityanov" <D.Yu.Bolkhovityanov@....nsk.su>
To: bugtraq@...urityfocus.com
Cc: jplopezy@...il.com
Subject: Re: Nokia N95-8 JPG crash

 	This file crashes Nokia E90 too (*#0000# says 210.34.75, 
12-04-2008, RA-6, Nokia E90 (16)).  In fact, E90 uses exactly the same 
platform as N95 (TI OMAP 2420) with same Symbian v9.2 (S60 v3 FP1), so the
crash was predictable.

 	I've tested on:

- Image browser -- by pressing [Open] in File Manager, so that the
   application crashes immediately, and File Manager barking "Unable to
   open file".

- Gallery -- begins to scan all images in phone memory and card, and
   crashes soon, obviously when it encounters nokiacrash.jpg.  So, just
   putting this file anywhere in the filesystem is Gallery DoS.

- Web Browser -- does nothing when typing file:///E:/nokiacrash.jpg, but
   crashes upon <IMG SRC=nokiacrash.jpg> in HTML file (of course,
   Settings->Page->Load Content have to be set to "Images" or "All",
   otherwise IMG tags are skipped).

 	_________________________________________
 	  Dmitry Yu. Bolkhovityanov
 	  The Budker Institute of Nuclear Physics
 	  Novosibirsk, Russia


On Sun, 7 Feb 2009, jplopezy@...il.com wrote:

> Application: Nokia N95-8
> OS: Symbian
> ------------------------------------------------------
> 1 - Description
> 2 - Vulnerability
> 3 - POC/EXPLOIT
>
> ------------------------------------------------------
> Description
>
>
> The nokia n95 is a smartphone, this phone have more tools, for example:
> gps,mp3,camera,wireless.
>
> :)
>
> ------------------------------------------------------
> Vulnerability
>
> The vulnerability is caused when opening a specially modified jpg file.
> This bug cause crash in the browser or in the aplication with that is open
> example "image editor" or Multimedia Messaging System.
>
> ------------------------------------------------------
> POC/EXPLOIT
>
> you can open this url with the browser or send mms with this image.
>
> http://es.geocities.com/jplopezy/nokiacrash.jpg
>
> ------------------------------------------------------
> Juan Pablo Lopez Yacubian
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ