Date: 16 May 2006 20:48:28 -0000
From: dan@...hology.washington.edu
To: bugtraq@...urityfocus.com
Subject: Gmail/Gtalk web client DoS


Gmail/Gtalk web client DoS

Summary

It is trivial to freeze the browser of a known user who is currently using Gmail with the Gtalk feature enabled.  This could lead to a denial of service attack against any user of Gmail who is using the web client.

Technical Details

Gtalk within Gmail converts some incoming emoticons into animated gifs.  Sending a large quantity at once will cause the recipient's browser to lock up until the message is fully converted.  With relatively few (100) emoticons, you can freeze a browser for a few minutes.  Larger quantities, or multiple messages could extend this time indefinitely.  If the Gmail web client is used to send the message, the sender's browser will also lock up.

The standalone Google Talk client for Windows does not suffer from this problem, and is the easiest way to send the messages to a target.  In theory, any properly configured Jabber client could be used.  Conceivably, modified Jabber clients could be configured to run a widespread DoS attack against active Gmail users at a low cost to the attacker, since the message size is small and requires little bandwidth. 

Known Affected Browsers:
Firefox 1.5.0.3
Internet Explorer 6.0
Internet Explorer 7.0 Beta 2
Seamonkey 1.0

Known Unaffected Browsers: 
Safari 1.3.2

Any browser which the Gtalk client does not run in will be unaffected.


Workaround

Disabling the Gtalk feature while using Gmail will protect a user, at the cost of the ability to chat.

Credits

Special thanks to Kevin Fleming for help researching this issue.
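
A client-side mitigation for the behaviour described under Technical Details, as an added example that is not part of the original post and is not Google's code: cap how many emoticons per message are converted to animated images and leave the rest as plain text. The emoticon table, the limit and the function name are assumptions made for illustration.

```javascript
// Added example: bound the per-message cost of emoticon-to-image conversion.
// The emoticon table and the limit are assumptions, not Gmail's actual values.
const EMOTICONS = new Map([
  [":)", "smile.gif"],
  [":(", "frown.gif"],
  [";)", "wink.gif"],
  [":D", "grin.gif"],
]);
const MAX_ANIMATED_PER_MESSAGE = 10; // hypothetical budget

// Escape regex metacharacters so each emoticon is matched literally.
const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
const EMOTICON_RE = new RegExp([...EMOTICONS.keys()].map(escapeRe).join("|"), "g");

// Split a message into render tokens. Only the first `limit` emoticons become
// image tokens; the rest stay as plain text, so the expensive conversion work
// is bounded no matter how many emoticons the sender packed into one message.
function tokenizeMessage(text, limit = MAX_ANIMATED_PER_MESSAGE) {
  const tokens = [];
  let converted = 0;
  let suppressed = 0;
  let last = 0;
  const pushText = (s) => {
    if (!s) return;
    const prev = tokens[tokens.length - 1];
    if (prev && prev.type === "text") prev.value += s; // merge adjacent text
    else tokens.push({ type: "text", value: s });
  };
  for (const m of text.matchAll(EMOTICON_RE)) {
    pushText(text.slice(last, m.index));
    if (converted < limit) {
      tokens.push({ type: "image", src: EMOTICONS.get(m[0]), alt: m[0] });
      converted++;
    } else {
      pushText(m[0]); // over budget: keep the characters as cheap text
      suppressed++;
    }
    last = m.index + m[0].length;
  }
  pushText(text.slice(last));
  return { tokens, converted, suppressed };
}
```

A renderer would create one image element per `image` token and one text node per `text` token; logging a non-zero `suppressed` count gives a simple signal that a sender is exceeding normal chat usage.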

