Message-ID: <200511301606.23142.ewiget@rhpstudios.com>
Date: Wed, 30 Nov 2005 16:06:16 -0500
From: Edward D Wiget <ewiget@...studios.com>
To: bugtraq@...urityfocus.com
Subject: Re: Opera 8.50 DoS with simple java applet
On Tuesday 29 November 2005 06:31 pm, Marc Schoenefeld wrote:
> Hi y'all,
>
> it is possible to crash the Opera 8.50 browser with a simple
> Java applet (see below).
> This was observed on Win32, Linux versions may be affected, too.
Verified on Gentoo Linux, Opera 8.50, and here are the results:
An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : 11 occurred at PC=0x8181375
Function=(null)+0x8181375
Library=/opt/opera/lib/opera/8.50-20050916.5/opera
NOTE: We are unable to locate the function name symbol for the error
just occurred. Please refer to release documentation for possible
reason and solutions.
Current Java thread:
Dynamic libraries:
Heap at VM Abort:
Heap
def new generation total 576K, used 2K [0xaa3b0000, 0xaa450000, 0xaa890000)
eden space 512K, 0% used [0xaa3b0000, 0xaa3b0bd0, 0xaa430000)
from space 64K, 0% used [0xaa430000, 0xaa430000, 0xaa440000)
to space 64K, 0% used [0xaa440000, 0xaa440000, 0xaa450000)
tenured generation total 6516K, used 4686K [0xaa890000, 0xaaeed000, 0xae3b0000)
the space 6516K, 71% used [0xaa890000, 0xaad23b80, 0xaad23c00, 0xaaeed000)
compacting perm gen total 4096K, used 3097K [0xae3b0000, 0xae7b0000, 0xb23b0000)
the space 4096K, 75% used [0xae3b0000, 0xae6b6400, 0xae6b6400, 0xae7b0000)
Local Time = Wed Nov 30 16:03:49 2005
Elapsed Time = 11
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot(TM) Client VM (Blackdown-1.4.2-02 mixed mode)
#
# An error report file has been saved as hs_err_pid27992.log.
# Please refer to the file for further information.
#
Aborted
--
Edward D Wiget
RHP Studios
"Keeping Your Data Safe!"
http://www.rhpstudios.com
606-407-1838