lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <46251ED2.4000600@infiltrated.net>
Date: Tue, 17 Apr 2007 15:24:02 -0400
From: "J. Oquendo" <sil@...iltrated.net>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Follow up browser DoS

Comments on Firefox 2.0.3 ... Mines hangs then regains its composure after
about 2 solid minutes of being stuck in hell.


Did nothing to Opera on Windows, OpenBSD or Linux...

Seemed to also toast out Firefox on FC5. Caused system to respond horribly.

[root@...uxbox ~]# yum update firefox
Loading "installonlyn" plugin
Setting up Update Process
Setting up repositories
core                                                                 [1/3]

.....

--> Populating transaction set with selected packages. Please wait.
---> Downloading header for firefox to pack into transaction set.
firefox-1.5.0.10-1.fc5.i3 100% |=========================|  82 kB    00:00
---> Package firefox.i386 0:1.5.0.10-1.fc5 set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package                 Arch       Version          Repository        Size
=============================================================================
Updating:
 firefox                 i386       1.5.0.10-1.fc5   updates            18 M

Transaction Summary
=============================================================================
Install      0 Package(s)
Update       1 Package(s)
Remove       0 Package(s)
Total download size: 18 M
Is this ok [y/N]: y
Downloading Packages:
(1/1): firefox-1.5.0.10-1 100% |=========================|  18 MB    01:27
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating  : firefox                      ######################### [1/2]
  Cleanup   : firefox                      ######################### [2/2]

Updated: firefox.i386 0:1.5.0.10-1.fc5
Complete!

Copied and pasted top information ... Took me 3 minutes to actually copy
and paste the information...

Tasks: 118 total,   1 running, 116 sleeping,   0 stopped,   1 zombie
Cpu(s): 73.7% us, 25.3% sy,  0.0% ni,  0.0% id,  0.0% wa,  1.0% hi,  0.0% si
Mem:   1034412k total,  1019464k used,    14948k free,     1600k buffers
Swap:  2031608k total,   317436k used,  1714172k free,    41184k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
27474 root      18   0 1178m 838m  17m D  1.0 83.0   0:21.43 firefox-bin


[root@...uxbox ~]# killall -9 firefox-bin
firefox-bin: no process killed
[root@...uxbox ~]# killall -9 firefox-bin
[root@...uxbox ~]#

Killed it once... Nope... System didn't even acknowledge it. Stood running for
a few seconds till I killall -9'd it again. Damn you firefox!



-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net 

The happiness of society is the end of government.
John Adams


Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (5157 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ