lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <SNT135-ds1406CE401EB4F99D2CFD53E3EB0@phx.gbl>
Date: Sat, 29 May 2010 01:25:28 +0530
From: "John Smith" <at-x@...e.com>
To: "Vladimir '3APA3A' Dubrovin" <3APA3A@...URITY.NNOV.RU>
Cc: "MustLive" <mustlive@...security.com.ua>,
	"Susan Bradley" <sbradcpa@...bell.net>, <bugtraq@...urityfocus.com>
Subject: Re: Re[2]: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers

Point taken. But that'd be a non-issue on the browser's end as much as 
site's that is allowing the rogue scripts (or malformed ads, as per your 
example).
The fork of this mail thread clearly explains what I'm talking about. The 
issue noted there is a simple DoS attack which every programming language 
and platform is vulnerable too. Its called the "infinite loop". It is not a 
'security vulnerability' by itself and is completely agnostic of the uri 
handler (try http or anything instead of nntp).

Here's the simplified JS version of it (lets call it the Universal DoS --  
yes, it'd work for every browser on the planet that can execute JS) -

<script>
while(1)alert('hello world');
</script>

Done!

Workaround:
None very intuitive. Maybe allow the user to terminate the script at every 
iteration? specific time period? etc...

--------------------------------------------------
From: "Vladimir '3APA3A' Dubrovin" <3APA3A@...URITY.NNOV.RU>
Sent: Friday, May 28, 2010 11:47 PM
To: "John Smith" <at-x@...e.com>
Cc: "MustLive" <mustlive@...security.com.ua>; "Susan Bradley" 
<sbradcpa@...bell.net>; <bugtraq@...urityfocus.com>
Subject: Re[2]: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, 
Opera and other browsers

> Dear John Smith,
>
> Actually,  browser DoS may be quite serious vulnerability, depending on
> nature  of  DoS.  Think  about e.g. banner or content exchange network,
> social  networks,  web  boards,  etc where browser vulnerability may be
> used  against  site  or  page because it will harm any visitors of this
> site or page.
>
> In  case  of  this  very vulnerability, most serious impact may be from
> e-mail vector.
>
> --Friday, May 28, 2010, 7:07:50 PM, you wrote to 
> mustlive@...security.com.ua:
>
> JS> Just a few cents - DoS in webbrowsers doesn't fall under the category 
> of
> JS> "vulnerabilities" rather more of "annoyances". Although I don't deny 
> the
> JS> fact that certain DoS attacks *may lead* or *may serve as hints* to 
> other
> JS> more serious exploits, but that's a different topic and with ASLR in 
> the
> JS> scene, a very grey area of discussion.
>
>
>
> -- 
> Skype: Vladimir.Dubrovin
> ~/ZARAZA http://securityvulns.com/
> Стреляя во второй раз, он искалечил постороннего. Посторонним был я. 
> (Твен)
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ