lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <17BC55AE-D235-4A45-A7D1-EC869F7A9AA2@free.fr>
Date: Thu, 12 Feb 2009 20:12:12 +0100
From: Rolphin <rolphin@...e.fr>
To: XiaShing@...il.com
Cc: bugtraq@...urityfocus.com
Subject: Re: Denial of Service using Partial GET Request in Mozilla Firefox 3.06

Hi,
How is this related to Firefox ?

See further:
On Feb 12, 2009, at 09:14 , XiaShing@...il.com wrote:

> ============================================================
> !vuln
> Mozilla Firefox 3.06
> Previous versions may also be affected.
> ============================================================
>
> ============================================================
> !risk
> Medium
> There are currently many users using Mozilla Firefox.
> However, there has been no confirmation of remote execution
> of arbitrary code yet.
> ============================================================
>
> ============================================================
> !info
> Tested on:
> Windows Vista Version Service Pack 1 Build 6001
> Processor Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz,
> 2401 Mhz, 2 Core(s), 2 Logical Processor(s)
>
> User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US;
> rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6
> (.NET CLR 3.5.30729)
> ============================================================

This is the firefox user agent string...
>
>
> ============================================================
> !discussion
> The Partial GET Request (HTTP 206 Status Code) of a WAV file
> results in a Denial of Service of the application.
>
> Last HTTP packet from Firefox before the DoS is listed below
> in RAW format:
> GET /fpaudio/footprints_waves.wav HTTP/1.1
> Accept: */*
> User-Agent: NSPlayer/11.0.6001.7001 WMFSDK/11.0

Is this firefox ?

>
> UA-CPU: x86

Only MS set this header...

>
> Accept-Encoding: gzip, deflate
> Range: bytes=34848-
> Unless-Modified-Since: Mon, 09 Jul 2007 12:44:57 GMT
> If-Range: "4f0018-440f2-434d403204440"
> Host: www.footprints-inthe-sand.com
> Connection: Keep-Alive

This is not firefox.

>
>
> The OK GET Request (HTTP 200 Status Code) of the WAV file is
> listed below in RAW format:
> GET /fpaudio/footprints_waves.wav HTTP/1.1
> Accept: */*
> User-Agent: Windows-Media-Player/10.00.00.3802
> UA-CPU: x86

Oh ! It's seems that you've found the problem...
May be a bug in the Windows Media Player ?

Did your try this on IE ?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ