lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201002041030.o14AUM9k004605@www3.securityfocus.com>
Date: Thu, 4 Feb 2010 03:30:22 -0700
From: david@...orsecurity.info
To: bugtraq@...urityfocus.com
Subject: [MajorSecurity Advisory #64]Apple Safari 4.0.4 Denial of Service

[MajorSecurity Advisory #64]Apple Safari 4.0.4 Denial of Service

Details
============
Product: Apple Safari Webbrowser
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.apple.com/safari/
Vendor-Status: informed
Advisory-Status: published on 02-02-2010

Credits
============
Discovered by: David Vieira-Kurz
http://www.majorsecurity.info

Affected Products:
============
Apple Safari browser 4.0.4 an prior

Original Advisory:
============
http://www.majorsecurity.info/index_2.php?adv=major_rls64

Introduction
============
The Apple Safari browser is a webbrowser based on the WebKit Engine.

More Details
============
A remotely exploitable vulnerability has been found in the JavaScript Engine of the Apple Safari Browser(based on Webkit Engine).
In detail, the following flaw was determined:
The Apple Safari browser is prone to a denial of service vulnerability when parsing certain HTML content.
This is possible due to a failure in handling exceptional conditions. This issue is caused by a memory corruption error when handling javascript elements, which could be exploited by remote attackers to crash the browser by tricking a user into visiting a specially crafted web page.
This issue can NOT be lead to remote code execution, so that the potential security risk is rated low.

The exploit has been tested on Windows Vista SP2 with Safari 4.0.4 using following useragent:
Mozilla/5.0 (Windows; U; Windows NT 6.0; de-DE) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10

Proof of Concept:
============
<script>
var overloadtag = "<marquee>";
for(x=1;x<=9999999999;x++){
document.write(overloadtag);
}
</script>

MajorSecurity
================
MajorSecurity is a German penetrationtesting and security research company which focuses
on web application security. We offer professional penetrationtestings, security audits,
source code reviews and reliable proof of concepts.
You will find more Information about MajorSecurity at
http://www.majorsecurity.info/

Unaltered electronic reproduction of this advisory is permitted. For all other reproduction or publication, in printing or otherwise, contact office@...orsecurity.info for permission.
Use of the advisory constitutes acceptance for use in an "as is" condition. All warranties are excluded. In no event shall majorsecurity and David Vieira-Kurz IT Security Services be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if majorsecurity has been advised of the possibility of such damages.Copyright 2010 MajorSecurity and David Vieira-Kurz IT Security Services. All rights reserved. Terms of use apply. 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ