| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Oct 2006 02:55:00 +0100 From: nnp <version5@...il.com> To: the.soylent <the.soylent@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Kmail <= 1.9.1 (latest) DOS Thats odd, I initially assumed its a resources problem on your pc, becuase I havent had such difficulties. It crashes kMail and thats about it. Have you verified this on any other ubuntu systems besides your own? Also, I've narrowed down the fuzz string a bit more so I'll post that tomorrow. Its much smaller in size so that should rule out any resource issues. Later, nnp On 10/9/06, the.soylent <the.soylent@...il.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > SecuriTeam Expert schrieb: > > What drivers do you use for X ? (my guess nvidia). > > yes, nvidia ;) > not only ff or gedit crash the x-server, also opening it with epiphany > (0.5.1-1ubuntu1) does the job ;) > > ok, i tested a bit more around: > i open the link on a fresh installed & full patched ubuntu 6.06, 32 and > 64 bit version..(also nvidia-graphic) same effect: > > - -32bit- > Linux amd3800-64 2.6.15-27-amd64-generic > X: 7.0.0-0ubuntu45 > gnome: 1:2.12.2.3 > nvidia-kernel-common: 20051028+1 > > - -64bit- > Linux amd3800 2.6.15-27-k7 > gnome, x, .. : same as above > > firefox -> crash > gedit -> crash > epiphany -> crash > > > interesting part: > when the x server previously runs on tty7, it runs after crash at tty8 > and vice versa. > at the "crashed tty" is displayed the following (64bit): > > *** glibc detected *** free(): invalid next size (normal): > 0x0000000001094d50 *** glibc detected *** double free or corruption > (!prev) 0x00000000010661e0 *** > > same messages on the 32bit-system (with shorter memory-addresses) > > tested it also on a debian-sarge-system (kde+gnome) and pleased someone > with gentoo (fluxbox) to test it: no effect > maybe ubuntu-specific? > > hope this helps, > /soylent > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2.2 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFFKqQPY86qEhC92cgRAvIOAJ44GQKNQbfIEdLoWZtw654U6JAacwCeOpb5 > gUv/8WCUEJ+ZShG6gdY/psk= > =KT1N > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- http://silenthack.co.uk http://smashthestack.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists