lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <efcd93940804211132o15f9cd9ere62def262577bbd3@mail.gmail.com>
Date: Mon, 21 Apr 2008 21:32:27 +0300
From: K-Gen <alphakgen@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: [DoS] Firefox 3 beta 5 on Ubuntu 7.10 (hangs the
	OS)

This is a funny find, it is incredibly simple, yet it managed to hang my
Linux OS completely. I'd love to see this attempted on newer hardware, since
I'm not 100% sure it will hurt higher end systems as badly.

Elaboration:

"I'll be honest, I was very surprised by this find. As a matter of fact,
this was the first time I ever managed to crash Linux completely... Through
a web browser.

The attack is too simple to brag about, just a simple JS that takes up a lot
of memory fast.


<html>
<body>
    <form method = "GET" action = "bla">
        <input name = "vuln" value =
"012345678901234567890123456789012345678901234567890123456789">
    </form>

    <script>
        for (i=0; i<=5000; i++){
            document.forms[0].vuln.value += document.forms[0].vuln.value;
        }
    </script>

</body>
</html>


This algorithm takes M*2^N bytes of memory (where M is the length of the
"vuln" field and N is the number of loop iterations). You would expect the
browser to alert you that this script is going to take a really long time to
execute, but apparently, this doesn't happen.

After one second of this script running, Firefox stopped responding, a few
seconds later I couldn't even launch the Force Quit applet, a few seconds
after that the system reached a screeching halt.

I have a vague idea of how this is possible, but I guess this is related to
the new GTK+ forms in FF 3. I ran this script on Windows in Firefox 2, and
nothing too scary happened. It did take up 1GB of memory in 5 seconds, but
as it appeared, some limit was reached and the page was loaded with nothing
more exciting than blank text field. The same happened with IE 6.

Note however, that the windows machine had twice more RAM and processing
power than the Linux machine, so I'm not sure whether this was a very
"scientific" test. (I should also try installing FF 3 for Windows and see
what happens).

Certainly, I know FF 3 is beta software. However, what really shocked me
here is how easy it was to overload the whole system through a web page.
This certainly isn't "expected behavior"."

Original post: http://own-the.net/news_Firefox-3b5-on-Ubuntu-(DoS)_15.html

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ