Date: Sun, 14 Sep 2003 10:19:53 +0400
From: d4rkgr3y <grey_1999@...l.ru>
To: bugtraq@...urityfocus.com
Subject: ChatZilla <=v0.8.23 remote DoS vulnerability

/**********************************************************
*
*                m00 security advisory #003
*
*    ChatZilla <=v0.8.23 remote DoS vulnerability
*
*                     www.m00security.org
*
************************************************************/

---------------------------------
Product: ChatZilla
Version: 0.8.23 and below
OffSite: www.mozilla.org
---------------------------------

Overview:

ChatZilla is a (popular?) Linux IRC client. Mozilla/5.0 includes it.

Problem description:

It's possible to freeze the system by sending a special request
with a very long string (60kb) to ChatZilla. The vuln could be used
by an IRC server. Look at the attached exploit source code for more
info. Example on localhost:

[root@...alhost 0dd]# gcc -o m00-ChatZilla m00-ChatZilla.c
[root@...alhost 0dd]# ./m00-ChatZilla 6667

ChatZilla <=v0.8.23 remote DoS exploit // www.m00security.org

[~] Generating evil buf.... OK
[+] fake ircd created on port 6667
[+] User connected. Attacking.... OK

[root@...alhost 0dd]# ps -aux | grep mozilla-bin
satan     2128  0.0 12.3 49588 31564 ?       S    19:33   0:00 /usr/lib/mozilla-1.3/mozilla-bin
satan     2118 29.4 12.3 49588 31564 ?       R    19:33   0:29 /usr/lib/mozilla-1.3/mozilla-bin  <-----
satan     2127  0.0 12.3 49588 31564 ?       S    19:33   0:00 /usr/lib/mozilla-1.3/mozilla-bin
satan     2129  0.0 12.3 49588 31564 ?       S    19:33   0:00 /usr/lib/mozilla-1.3/mozilla-bin
satan     2130  0.0 12.3 49588 31564 ?       S    19:33   0:00 /usr/lib/mozilla-1.3/mozilla-bin
satan     2131  0.0 12.3 49588 31564 ?       S    19:33   0:00 /usr/lib/mozilla-1.3/mozilla-bin

....after ~10min CPU usage increases up to ~90% on Athlon XP 2000

[root@...alhost 0dd]# ps -aux | grep mozilla-bin
satan     2128  0.0 12.4 49588 31820 ?       S    19:33   0:00 /usr/lib/mozilla-1.3/mozilla-bin
satan     2118 88.8 12.4 49588 31820 ?       R    19:33  10:45 /usr/lib/mozilla-1.3/mozilla-bin <-----
satan     2127  0.0 12.4 49588 31820 ?       S    19:33   0:00 /usr/lib/mozilla-1.3/mozilla-bin
satan     2129  0.0 12.4 49588 31820 ?       S    19:33   0:00 /usr/lib/mozilla-1.3/mozilla-bin
satan     2130  0.0 12.4 49588 31820 ?       S    19:33   0:00 /usr/lib/mozilla-1.3/mozilla-bin
satan     2131  0.0 12.4 49588 31820 ?       S    19:33   0:00 /usr/lib/mozilla-1.3/mozilla-bin

Exploit attached.

(c) m00 Security / d4rkgr3y [d4rk@...uritylab.ru]


View attachment "m00-ChatZilla.c" of type "text/x-csrc" (1759 bytes)
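
A client-side mitigation for the over-long server line described in the advisory, as an added example that is not part of the original post and not ChatZilla's code or its fix. It assumes the 512-character message limit from RFC 1459 as the cap; `BoundedLineReader` and `demo` are hypothetical names, and the input is constructed.

```javascript
// Added example (not ChatZilla code): cap IRC line length before parsing.
const MAX_LINE = 512; // RFC 1459 limit, CR-LF included (UTF-16 units here, a simplification)

class BoundedLineReader { // hypothetical name
  constructor(maxLine = MAX_LINE) {
    this.maxLine = maxLine;
    this.buf = "";           // partial line carried between chunks
    this.discarding = false; // true while skipping the rest of an oversized line
    this.dropped = 0;        // oversized lines rejected so far
  }
  // Feed one network chunk; returns the complete in-limit lines it finished.
  push(chunk) {
    const lines = [];
    let start = 0;
    while (start < chunk.length) {
      const nl = chunk.indexOf("\n", start);
      const end = nl === -1 ? chunk.length : nl + 1;
      const piece = chunk.slice(start, end);
      start = end;
      if (!this.discarding) {
        if (this.buf.length + piece.length > this.maxLine) {
          this.buf = "";          // over limit: release what we hold
          this.discarding = true; // and buffer nothing more of this line
          this.dropped++;
        } else {
          this.buf += piece;
        }
      }
      if (nl !== -1) {            // end of line: emit it unless it was oversized
        if (!this.discarding) lines.push(this.buf.replace(/\r?\n$/, ""));
        this.buf = "";
        this.discarding = false;
      }
    }
    return lines;
  }
}

// Constructed sample: a normal line, then a ~60 KB line split over chunks.
function demo() {
  const r = new BoundedLineReader();
  const lines = [
    ...r.push("PING :irc.example.test\r\n:srv 001 nick :"),
    ...r.push("A".repeat(30000)),
    ...r.push("A".repeat(30000) + "\r\nPING :after\r\n"),
  ];
  return { lines, dropped: r.dropped, buffered: r.buf.length };
}
```

The oversized line is counted and skipped without ever being held in memory or passed to the message parser, and framing resumes at the next line.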
