DoS attack
Hello MaXe!
> However, I just tested the vulnerability in chrome and the incidents were
> different.
As I said, on my system it's solely a Chrome DoS vulnerability. On my system
with Firefox 3.0.13 (and previous versions, when I tested them before) there
is no such issue, when Firefox was DoSed via Chrome, i.e. Cross-Application
DoS. Taking into account that you have this issue with Firefox 3.5.2, then
it can be a problem with FF 3.5.x versions, which have tight integration with
Chrome's and other software's URI handlers.
advisory outlines the details of these vulnerabilities:
* VPN Authentication Bypass when Account Override Feature is Used
  vulnerability
* Crafted HTTP packet denial of service (DoS) vulnerability
* Crafted TCP Packet DoS vulnerability
* Crafted H.323 packet DoS vulnerability
Summary
=======
The Cisco ACE Application Control Engine Module and Cisco ACE 4710
Application Control Engine contain the following DoS vulnerabilities:
* Real-Time Streaming Protocol (RTSP) inspection DoS vulnerability
* HTTP, RTSP, and Session Initiation Protocol (SIP) inspection DoS
  vulnerability
* Secure Socket Layer (SSL) DoS vulnerability
Just a few cents - DoS in webbrowsers doesn't fall under the category of
"vulnerabilities" rather more of "annoyances". Although I don't deny the
fact that certain DoS attacks *may lead* or *may serve as hints* to other
more serious exploits, but that's a different topic and with ASLR in the
scene, a very grey area of discussion.
Case in point: XSS can be of various kinds and most of them (I'm talking of
about 99.99%) can be attributed to the design of the web
technologies/protocols specifications (http, ajax, etc etc...you name it)
and the browsers can only do that much. Hence it's not feasible for a
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20100804-asa.shtml
Note: The Cisco Firewall Services Module (FWSM) is affected by the
SunRPC DoS vulnerabilities. A separate Cisco Security Advisory has
been published to disclose the vulnerabilities that affect the FWSM.
This advisory is available at:
http://www.cisco.com/warp/public/707/cisco-sa-20100804-fwsm.shtml
for all readers of the list.
First of all, readers of both Bugtraq and Full-disclosure must understand,
that if you had no questions to my first advisory (from this series of
advisories (I posted three already) of vulnerabilities in browsers,
which belong to group of DoS via protocol handlers), then there must be no
questions for next advisories. Otherwise it'll be double standards (not
moaning on 1st advisory and moaning on 2nd and 3rd ones) and as I already
wrote to the lists, double standards are bad and better to not use them.
Second, I repeat one more time :-), that there can be also made attack
> before and 100% of the time they respond.
Yes, I did. I emailed Microsoft, like other browser vendors. I knew their
emails, because I wrote to all of these four vendors a lot of times during
2007-2010, and all of them answered many times (who more, who less). But as
I already wrote, in 99% cases they ignored to fix DoS holes (even if they
answered and told, that they agreed that it was DoS and they'd think about
fixing it).
For example Microsoft one time even answered me twice (with thanks), when I
informed them about XSS in IE6. But they didn't fix this vulnerability. It
Hello Susan!
> Granted I can denial of service a browser just by loading up a horrible
> add in or just using a browser
DoS of the browser is already a bad thing. And there are many risks for users
from DoS holes in browsers, which I wrote about in 2008 in my articles
Dangers of DoS attacks on browsers and Dangers of resources consumption DoS
attacks. But mostly browser developers ignore to fix these issues.
But in this case it's not only attack on browsers, but on the whole user's
take a day for the vendor to respond to you.
This isn't about past issues, this is about this issue. A single day did
not pass between when you emailed these vendors and when you posted
here. Have you considered giving these vendors time to respond? I do
not find that 99% of them don't, rather I find that they do. Should you
have issues, would you consider emailing me first so I can introduce you
to contacts?
MustLive wrote:
> Hello Susan!
Summary
=======
The Cisco IOS Software Network Address Translation functionality
contains three denial of service (DoS) vulnerabilities. The first
vulnerability is in the translation of Session Initiation Protocol
(SIP) packets, the second vulnerability in the translation of H.323
packets and the third vulnerability is in the translation of H.225.0
call signaling for H.323 packets.
#2009-014 Android denial-of-service issues
Description:
Android, an open source mobile phone platform, is affected by two bugs
that lead to denial-of-service (DoS) conditions.
Two separate DoS issues have been independently reported to oCERT.
The most recent report concerns Android handling of SMS messages: a
specific malformed SMS message can be crafted to trigger a condition that
I was carried away because the author used scripts (in a global script tag)
in the PoC of the issue in question which made unconditional recursion
possible.
Without scripts enabled, if iframe's src property is set to itself(?), it is
parsed up to 1 level (i.e. not recursed). Hence it doesn't affect or DoS the
latest browsers (the best I can say...).
A few other points:
1. if a links/ads or any other content-syndication provider allow unverified
--------------------------------------------------
From: "MustLive" <mustlive@websecurity.com.ua>
Sent: Monday, May 31, 2010 9:33 PM
To: "Susan Bradley" <sbradcpa@pacbell.net>
Cc: <bugtraq@securityfocus.com>
Subject: Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
Opera
> Hello Susan and other readers, who replied to my previous advisory.
>
> Earlier I've already answered Vladimir, now I'd answer Susan and soon I'd
Hello Susan and other readers, who replied to my previous advisory.
Earlier I've already answered Vladimir, now I'd answer Susan and soon I'd
answer John. But now one important note to every reader of the list,
including John Smith. Which I already wrote about 1,5 week ago (after
posting of a first advisory about DoS in browsers) to one reader of
Full-disclosure who inattentively read that advisory (he missed message
about attacking without JS) and also to Mozilla (who became discussing this
issue and only drew attention to attacking with JS vector). That, as I wrote
in both advisories, this attack via iframes can also be conducted without
JavaScript. So even turning JS off will not help.
Summary
=======
Cisco Unified IP Phone models contain multiple overflow and denial of
service (DoS) vulnerabilities. There are workarounds for several of
these vulnerabilities. Cisco has made free software available to
address this issue for affected customers.
This advisory is posted at:
=======
The Cisco Wireless LAN Controller (WLC) product family is affected by
these vulnerabilities:
* Two denial of service (DoS) vulnerabilities
* Three privilege escalation vulnerabilities
* Two access control list (ACL) bypass vulnerabilities
Note: These vulnerabilities are independent of one another. A device
may be affected by one vulnerability and not affected by another.
Summary
=======
Cisco Unified Communications Manager contains five (5) denial of
service (DoS) vulnerabilities.
Cisco has released free software updates for affected versions of
Cisco Unified Communications Manager to address the vulnerabilities.
A workaround exists for the SIP and Packet Capture Service DoS
vulnerabilities.
Summary
=======
Cisco Unified Contact Center Express (UCCX or Unified CCX) contains a denial of
service (DoS) vulnerability and a directory traversal vulnerability. These
vulnerabilities are independent of each other.
Exploitation of these vulnerabilities could result in a DoS condition or an
information disclosure.
exploitation of the SQL injection vulnerability may allow an
authenticated attacker to execute SQL statements that can cause
instability of the product or changes in the configuration.
Additionally, the Cisco Security Agent is affected by a denial of
service (DoS) vulnerability. Successful exploitation of the Cisco
Security Agent agent DoS vulnerability may cause the affected system
to crash. Repeated exploitation could result in a sustained DoS
condition.
These vulnerabilities are independent of each other.
following problems:
CVE-2004-2731
infamous41md reported multiple integer overflows in the Sbus PROM
driver that would allow for a DoS (Denial of Service) attack by a
local user, and possibly the execution of arbitrary code.
CVE-2006-4814
Doug Chapman discovered a potential local DoS (deadlock) in the mincore
=======
Cisco Unified Communications Manager (previously known as Cisco
CallManager) contains the following vulnerabilities:
* Three (3) denial of service (DoS) vulnerabilities that affect
  Session Initiation Protocol (SIP) services
* Directory traversal vulnerability
* Two (2) SQL injection vulnerabilities
Cisco has released free software updates for affected Cisco Unified
Hello Bugtraq!
I want to warn you about Denial of Service vulnerabilities in Firefox,
Internet Explorer, Chrome and Opera. Which belong to type of DoS via
protocol handlers. Earlier I already wrote about DoS vulnerabilities in
Firefox, Internet Explorer, Chrome and Opera and DoS attacks on email
clients via protocol handlers. This new advisory will show you the situation
of browsers behavior with other protocol handlers.
All those who doubt that these DoS vulnerabilities in browsers and email
Dear John Smith,
In general case we are discussing, DoS may be caused by e.g. some
combination of allowed tags/properties or by malformed image.
As it was pointed by author, this attack may be performed with
scripting disabled (with [iframe src=]). That's why e-mail vector may
be significant.
Thanks for your immediate reply.
I have now tested what you said, cause I suspected that it was only happening because Google Chrome was installed, due to FireFox isn't able to know what "chromehtml:" is on its own. (It has to be associated with an application in this case.)
The following would open a lot of windows, consuming most likely all resources:
http://websecurity.com.ua/uploads/2009/Google%20Chrome%20DoS%20Exploit2.html
FireFox version: FireFox 3.5.2 (Mozilla/5.0 (Windows; U; Windows NT 5.1; da; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2)
Google Chrome versions: 4.0.202.0 && 2.0.172.43 (both tested, the first is the new beta.)
Vulnerabilities and Exposures project identifies the following
problems:
CVE-2008-3528
Eugene Teo reported a local DoS issue in the ext2 and ext3
filesystems. Local users who have been granted the privileges
necessary to mount a filesystem would be able to craft a corrupted
filesystem that causes the kernel to output error messages in an
infinite loop.
Vulnerabilities and Exposures project identifies the following
problems:
CVE-2008-3527
Tavis Ormandy reported a local DoS and potential privilege
escalation in the Virtual Dynamic Shared Objects (vDSO)
implementation.
CVE-2008-3528
Hello Bugtraq!
I want to warn you about security vulnerabilities in different browsers.
With this advisory I'm continuing my series of vulnerabilities in browsers,
which belong to group of DoS via protocol handlers.
-----------------------------
Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
Opera
-----------------------------
Point taken. But that'd be a non-issue on the browser's end as much as
site's that is allowing the rogue scripts (or malformed ads, as per your
example).
The fork of this mail thread clearly explains what I'm talking about. The
issue noted there is a simple DoS attack which every programming language
and platform is vulnerable to. It's called the "infinite loop". It is not a
'security vulnerability' by itself and is completely agnostic of the uri
handler (try http or anything instead of nntp).
Here's the simplified JS version of it (let's call it the Universal DoS --
Hello Bugtraq!
I want to warn you about security vulnerability in different browsers.
-----------------------------
Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
Opera
-----------------------------
URL: http://websecurity.com.ua/4238/
-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Internet Explorer