Open Source and information security mailing list archives
 
Date: Wed, 30 Nov 2005 16:06:16 -0500
From: Edward D Wiget <ewiget@...studios.com>
To: bugtraq@...urityfocus.com
Subject: Re: Opera 8.50 DoS with simple java applet

On Tuesday 29 November 2005 06:31 pm, Marc Schoenefeld wrote:
> Hi y'all,
>
> it is possible to crash the opera 8.50 browser with a simple
> java applet (see below).
> This was observed on Win32, Linux versions may be affected, too.

Verified on Gentoo Linux, Opera 8.50, and here are the results:

An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : 11 occurred at PC=0x8181375
Function=(null)+0x8181375
Library=/opt/opera/lib/opera/8.50-20050916.5/opera

NOTE: We are unable to locate the function name symbol for the error
      just occurred. Please refer to release documentation for possible
      reason and solutions.


Current Java thread:

Dynamic libraries:

Heap at VM Abort:
Heap
 def new generation   total 576K, used 2K [0xaa3b0000, 0xaa450000, 0xaa890000)
  eden space 512K,   0% used [0xaa3b0000, 0xaa3b0bd0, 0xaa430000)
  from space 64K,   0% used [0xaa430000, 0xaa430000, 0xaa440000)
  to   space 64K,   0% used [0xaa440000, 0xaa440000, 0xaa450000)
 tenured generation   total 6516K, used 4686K [0xaa890000, 0xaaeed000, 0xae3b0000)
   the space 6516K,  71% used [0xaa890000, 0xaad23b80, 0xaad23c00, 0xaaeed000)
 compacting perm gen  total 4096K, used 3097K [0xae3b0000, 0xae7b0000, 0xb23b0000)
   the space 4096K,  75% used [0xae3b0000, 0xae6b6400, 0xae6b6400, 0xae7b0000)

Local Time = Wed Nov 30 16:03:49 2005
Elapsed Time = 11
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot(TM) Client VM (Blackdown-1.4.2-02 mixed mode)
#
# An error report file has been saved as hs_err_pid27992.log.
# Please refer to the file for further information.
#
Aborted


-- 
Edward D Wiget
RHP Studios
"Keeping Your Data Safe!"
http://www.rhpstudios.com
606-407-1838
