Message-ID: <Pine.LNX.4.63.0604250921120.23588@secpro.servermatrix.com>
Date: Tue, 25 Apr 2006 09:22:58 -0700 (PDT)
From: Tom Ferris <tommy@...urity-protocols.com>
To: Colin Keigher <colinkeigher@...us.net>
Cc: security@...shdot.ch, bugtraq@...urityfocus.com
Subject: Re: Apple Mac OS X Safari 2.0.3 Vulnerability


Just tested on the following:

OS X 10.4.6 PPC with Safari 2.0.3 (417.9.2)

Completely locked up my machine.. ;)

Tom Ferris
Researcher
www.security-protocols.com
Key fingerprint = 0DFA 6275 BA05 0380 DD91  34AD C909 A338 D1AF 5D78

On Mon, 24 Apr 2006, Colin Keigher wrote:

> It seems to affect older versions also.
>
> Tested on:
> iBook G4 with Mac OS X 10.3.9 (Build 7W98) + all updates from Apple
>
> Version affected:
> Safari 1.3.1 (312.3.1) under 10.3.9
>
> Colin Keigher
> colinkeigherREMOVEFORAFREEPRIZEtelus.net
>
> On 24-Apr-06, at 11:00 AM, " " <security@...shdot.ch> <security@...shdot.ch> 
> wrote:
>
>> 
>> 
>> Apple Mac OS X Safari 2.0.3 Vulnerability
>> =========================================
>> 
>> Release Date:
>> April 23rd, 2006
>> 
>> Vendor:
>> Apple Computer Inc.
>> 
>> Tested on:
>> iBook G4 1.2 GHz with Mac OS X 10.4.5 (Build 8H14) + all Updates from Apple 
>> except "10.4.6 Update"
>> iBook G4 1.33 GHz with Mac OS X 10.4.6 (Build 8I127) + all Updates from 
>> Apple
>> PowerMac G4 Dual 867 MHz with Mac OS X 10.4.6 (Build 8I127) + all Updates 
>> from Apple
>> iMac G4 800 MHz with Mac OS X 10.4.6 (Build 8I127) + all Updates from Apple
>> 
>> Versions affected:
>> Safari 2.0.3 (417.9.2) latest version under 10.4.5 (Build 8H14) and perhaps 
>> prior versions
>> Safari 2.0.3 (417.9.2) latest version under 10.4.6 (Build 8I127) and 
>> perhaps prior versions
>> 
>> Overview:
>> A vulnerability exists in Safari 2.0.3 (417.9.2) and perhaps in prior 
>> versions which causes the operating system to slow down (SRCOD, Spinning 
>> Rainbow Cursor Of Death), and therefore it's not possible to launch any 
>> applications like Terminal to kill the process. After several minutes 
>> Safari crashes.
>> 
>> Technical Details:
>> Create a new file with the following code ...
>> 
>> <HTML>
>> <TABLE>
>> <TR><TD ROWSPAN=2000000000>
>> 
>> .. then save it as a .html file (example.html) and open it in Safari. The 
>> application takes a lot of CPU and RAM, slowing down the operating system 
>> (SRCOD, Spinning Rainbow Cursor Of Death), and it is no longer possible to 
>> use OS X; even "apple" + "ALT" + "ESC" works very slowly!
>> Go around and pull the power cable out or press the start button for a while 
>> to shut down the computer.
>> 
>> For an example, click on the link with Safari (WARNING: that crashes Safari 
>> after several minutes, and first the SRCOD (Spinning Rainbow Cursor Of Death) 
>> is there the whole time!) 
>> http://www.yanux.ch/exploits/safari/example.html
>> 
>> Report:
>> iMac G4 800 MHz with Mac OS X 10.4.6 (Build 8I127) + all Updates from Apple
>> http://www.yanux.ch/exploits/safari/bugreport_imac_g4.txt
>> 
>> Vendor Status:
>> Apple was notified of this issue on 04/23/2006
>> 
>> Solution:
>> Currently no patches have been released for this vulnerability.
>> 
>> Discovered by:
>> Yannick von Arx
>> yannick[dot]vonarx[at]yanux[dot]ch
>> 
>> ____________________________
>> 
>> e-mail:yannick.vonarx@...ux.ch
>> web:	www.yanux.ch
>> 
>> 
>> 
>> ------
>> freemails.ch - Free Swiss E-Mails
>> 
>> Custom web hosting from CHF 5.50: www.hostplace.ch
>> 
>> 
>
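
The resource-exhaustion pattern in the advisory quoted above (one cell with a ROWSPAN of two billion) is today bounded by the HTML standard, which clamps rowspan to 65534 and colspan to 1000 before table layout runs. The following is an added example, not code from the advisory, from Apple or from WebKit: a small pre-render filter in JavaScript that scans <td>/<th> start tags, clamps oversize span values to those limits and reports each attribute it changed, so a content filter in front of an older engine can refuse or rewrite such fragments. The limits are the HTML Living Standard's; the regex scanner, the function names and the embedded copy of the PoC fragment are this example's own assumptions.

```javascript
// Added example, not code from the advisory: clamp oversize ROWSPAN/COLSPAN
// values before a fragment reaches a layout engine, so a single cell cannot
// claim two billion grid rows as in the PoC above.
// Assumptions (not stated in the original post): the clamping limits are the
// HTML Living Standard's (rowspan > 65534 -> 65534, colspan > 1000 -> 1000,
// unparsable -> 1, colspan=0 -> 1); the scanner is a regex over <td>/<th>
// start tags, which is enough for a content filter but is not an HTML parser.

const SPAN_LIMITS = { rowspan: 65534, colspan: 1000 };

// Constructed input: the advisory's PoC fragment, embedded here for an offline run.
const POC_FRAGMENT = '<HTML>\n<TABLE>\n<TR><TD ROWSPAN=2000000000>';

// Loose version of the HTML "non-negative integer" parse: optional leading
// whitespace, then a run of digits; anything else is a parse failure (null).
function parseNonNegativeInt(raw) {
  const m = /^\s*(\d+)/.exec(raw);
  return m ? Number(m[1]) : null;
}

// The span value a standards-following engine actually uses for `attr`.
function clampSpan(attr, raw) {
  const limit = SPAN_LIMITS[attr];
  const n = parseNonNegativeInt(raw);
  if (n === null) return 1;                      // parse failure -> 1
  if (attr === 'colspan' && n === 0) return 1;   // colspan=0 is treated as 1
  return n > limit ? limit : n;                  // rowspan=0 stays 0 (spans to end of row group)
}

// Scan every <td>/<th> start tag, rewrite rowspan/colspan to the clamped
// value, and report each attribute whose effective value changed.
function auditTableSpans(html) {
  const findings = [];
  const attrRe = /\b(rowspan|colspan)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const rewritten = html.replace(/<(?:td|th)\b[^>]*>/gi, (tag) =>
    tag.replace(attrRe, (_whole, name, dq, sq, bare) => {
      const attr = name.toLowerCase();
      const raw = dq !== undefined ? dq : sq !== undefined ? sq : bare;
      const clamped = clampSpan(attr, raw);
      if (parseNonNegativeInt(raw) !== clamped) {
        findings.push({ attr, raw, clamped });
      }
      return `${attr}="${clamped}"`;
    })
  );
  return { findings, rewritten };
}

// Run the filter over the embedded PoC: a non-empty findings list is the
// signal a filter would use to block or rewrite the fragment.
function auditPoc() {
  const { findings, rewritten } = auditTableSpans(POC_FRAGMENT);
  return { blocked: findings.length > 0, findings, rewritten };
}

console.log(JSON.stringify(auditPoc(), null, 2));
```

Run with `node` on the file; the PoC yields one finding (rowspan 2000000000 clamped to 65534) and a rewritten fragment `<TR><TD rowspan="65534">`, while a well-formed cell such as `<td colspan="3" rowspan="2">` passes through with no findings. Rewriting rather than rejecting keeps legitimate content rendering; whether to block outright on any finding is a policy choice for the filter's operator.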

