Re: Opera 9 DoS PoC

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Opera 9 DoS PoC
From: "Bruno Lustosa" <bruno.lists@xxxxxxxxx>
Date: Wed, 21 Jun 2006 14:21:08 -0300
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Ub3nQZqfG/u88l3PqCpgbsi01rkFDHsuQcFgAP0INY44vkYV2TYMtcfHE+E33rLi7D/zDpOtyMZbMDy0L55/o0U0a+p3wFE/VrjuPrjVNqj8iaBhA7rbnT/8Ck5XzWcUhIe2mZ9LALzvvR6YO6ZYzcR5QUVeMaFsSD6l681Ur3g=
In-reply-to: <20060621033909.23960.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20060621033909.23960.qmail@xxxxxxxxxxxxxxxxx>

On 21 Jun 2006 03:39:09 -0000, N9@xxxxxxxxxxx <N9@xxxxxxxxxxx> wrote:

Details:

Vulnerability can be exploited by using a large value in a href tag to create 
an out-of-bounds memory access.

Proof Of Concept DoS exploit:

http://www.critical.lt/research/opera_die_happy.html


Interesting enough, clicking on that link under Firefox 1.5.0.4 made
it hang for about 20 seconds, consuming 100% cpu time.
Probably not a vulnerability, although it could be "exploited" to annoy users.

--
Bruno Lustosa <bruno@xxxxxxxxxxx>
http://www.lustosa.net/

Follow-Ups:
- Re: Opera 9 DoS PoC
  - From: Eric Furman
- Re: Opera 9 DoS PoC
  - From: Bastian Ahrens

References:
- Opera 9 DoS PoC
  - From: N9

Prev by Date: Re: PHP security (or the lack thereof)
Next by Date: WBB<<---v2.0 RC2 "newthread.php" SQL Injection
Previous by thread: Opera 9 DoS PoC
Next by thread: Re: Opera 9 DoS PoC
Index(es):
- Date
- Thread