lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20031211035302.3545.qmail@sf-www1-symnsj.securityfocus.com>
Date: 11 Dec 2003 03:53:02 -0000
From: Walt Smith <walt@...tiva.com>
To: bugtraq@...urityfocus.com
Subject: A .NET class  bug that can hang a machine instantly




I posted the following information to a couple of Microsoft news groups in the last couple of days with no response, so I thought I would post it here perhaps to encourage the examination of this .NET class, which I believe is vulnerable to exploits because of quality problems in the code.  I believe the following bug could easily be used in an exploit to crash any Windows machine that is running .NET 1.1 in Windows XP.  The bug is basically a flaw in the XMLTextReader class of .NET that locks the machine up so badly that it can only be shutdown with the power switch.  I do not have an ASP.NET environment in which to test it, so I would be interested to know if it has any effect there that is similar to C# .NET.  The bug can be reproduced in the following manner using the Visual Studio 7 .NET C# compiler:

1) Create a simple C# Windows Application Project and add a form 
to it.  Add System.XML to the namespaces of the project.
2) Add a ListBox control to the form.  (name it lbUsers for this code)
3) Add the following code to the OnLoad event of the form:

protected override void OnLoad(EventArgs e) 
{ 
   XmlTextReader xmlConfigFile; 

   string filename = Application.StartupPath 
+ "\\test.vtx"; 
   xmlConfigFile = new XmlTextReader(filename); 
          
   while(xmlConfigFile.Read()) 
   { 
     if(xmlConfigFile.NodeType == XmlNodeType.Element) 
     { 
        if(xmlConfigFile.Name == "User") 
        { 
          if(xmlConfigFile.HasAttributes) 
          { 
             while(xmlConfigFile.MoveToNextAttribute()) 
             { 
               if(xmlConfigFile.Name == "Name") 
                  lbUsers.Items.Add
(xmlConfigFile.Value);       
             } 
           } 
        } 
      } 
   } 
   lbUsers.Refresh(); 
   base.OnLoad (e); 
} 

4) Place the following XML File in the application 
directory for the project (the /debug directory).  Name 
the file test.vtx

<?xml version="1.0" encoding="UTF-8" ?> 
<ConfigData> 
   <UserInfo> 
      <Users> 
         <User Name="AUDREY"> 
         </User> 
         <User Name="WESLEY"> 
         </User> 
         <User Name="DADDY"> 
         </User> 
      </Users> 
   </UserInfo> 
</ConfigData> 


5)  DO NOT PLACE any breakpoints in the code.
6)  Use the F5 key (Debug/Run) to execute the code.

Result:  The machine will hang.  The only choice is the 
power switch.  CTRL-ALT-DEL is ineffective.

Other information:
a)  If you execute this code from a Button.Click event on 
the form, IT WORKS JUST FINE.
b)  If you comment out all of the code inside the while 
loop in the function, the machine will still hang.
c)  If you move the base class OnLoad above the while 
loop, the code will still hang.
d)  If you put this code in the OnActivate function of the 
form, the code will still hang.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ