Date: Thu, 4 Apr 2013 00:30:06 +0200
From: Jann Horn <jann@...jh.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: DoS vulnerability in Adobe Flash Player (BSOD)

On Thu, Apr 04, 2013 at 01:24:29AM +0300, MustLive wrote:
> Hello list!
> 
> I want to warn you about a Denial of Service vulnerability (BSOD) in Adobe
> Flash Player. I found this vulnerability on 27.01.2013.
> 
> -------------------------
> Affected products:
> -------------------------
> 
> The vulnerable version is Adobe Flash 11.5.502.146. The attack works only on AMD/ATI
> video cards.
> 
> Adobe fixed it on 12.02.2013 in their patch APSB13-05
> (https://www.adobe.com/support/security/bulletins/apsb13-05.html), which
> fixed multiple vulnerabilities in Flash Player. Adobe did it
> covertly, without mentioning this vulnerability and without referencing
> me. After I informed them at the end of January, they were "checking it"
> for 1,5 months and said that they can't reproduce this vulnerability (even
> though I've reproduced it on multiple computers with ATI video cards), that
> they don't know anything (the hole was accidentally fixed in APSB13-05) and
> that this DoS isn't related to them.

Sorry, but how can this be a vuln in *Flash*, a *user-space* component, if it
can be used to cause a BSOD, which, as far as I know, means that something bad
happened *in the Kernel*? Sounds to me as if Flash is not the (or at least not
the only) culprit...
