lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <449D0940.1010708@b3cks.com>
Date: Sat, 24 Jun 2006 11:43:28 +0200
From: Bastian Ahrens <mail@...ks.com>
To: Bruno Lustosa <bruno.lists@...il.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: Opera 9 DoS PoC


Hi,

on (Gentoo) Linux with Firefox (same Version) it's quite similar.
Opening the page FF hangs for about 4 seconds with an CPU usage of about
20 up to 40% and than displays the page.
Clicking on the link I get the same behavior. The page source isn't
displayed correctly if you try looking at it.

Cheers.


 

Bruno Lustosa wrote:
> On 21 Jun 2006 03:39:09 -0000, N9@...tical.lt <N9@...tical.lt> wrote:
>> Details:
>>
>> Vulnerability can be exploited by using a large value in a href tag
>> to create an out-of-bounds memory access.
>>
>> Proof Of Concept DoS exploit:
>>
>> http://www.critical.lt/research/opera_die_happy.html
>
> Interesting enough, clicking on that link under Firefox 1.5.0.4 made
> it hang for about 20 seconds, consuming 100% cpu time.
> Probably not a vulnerability, although it could be "exploited" to
> annoy users.
>



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ