Re: Re: MS Internet Explorer 7 Denial Of Service Exploit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: MS Internet Explorer 7 Denial Of Service Exploit
From: craig@xxxxxxxxxx
Date: Sat, 22 Nov 2008 02:05:17 -0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

On Konqueror 3.5.9, what happens is that this childish code builds a huge 
string, eats memory, causes swapping, and finally blows away Konq.  Linux and X 
and everything else stay up and recover nicely.  (Gentoo/AMD64X2/3G mem)

This isn't an exploit -- at least not on Linux -- it's just kiddie stupidity.  
It doesn't take any particular cleverness to blow memory by dynamically 
creating bigger and bigger data structures.  With virtual memory and 64-bit 
pointers, when exactly do we return -ENOMEM?

Follow-Ups:
- Re: Re: MS Internet Explorer 7 Denial Of Service Exploit
  - From: Glynn Clements
- Re: MS Internet Explorer 7 Denial Of Service Exploit
  - From: Nick Kirby

Prev by Date: [SVRT-04-08] Vulnerability in WireShark 1.0.4 for DoS Attack
Next by Date: [SECURITY] [DSA 1668-1] New hf packages fix execution of arbitrary code
Previous by thread: Re: MS Internet Explorer 7 Denial Of Service Exploit
Next by thread: Re: MS Internet Explorer 7 Denial Of Service Exploit
Index(es):
- Date
- Thread