Cross-Platform, Cross-Browser DoS Vulnerability

Published: 2009-07-17
Last Updated: 2009-07-17 18:46:51 UTC
by John Bambenek (Version: 1)
1 comment(s)

G-SEC posted an advisory of a nifty little vulnerability that affects most browsers on most platforms, including mobile devices (e.g. iPhones) and gaming consoles. In essence, it requires a malicious webpage to call the select() function with a large integer. For the most part, this can allocate up to 2 GB of RAM and bring most systems to a grinding halt. My favorite is the Konqueror / Ubuntu combination, in which a large amount of memory is allocated and then Ubuntu starts killing random processes. Hot.

Some patches are out; some devices would strike me as non-trivial to patch. Impact is minor and I doubt there will be widespread exploitation of this because of the inability to execute code locally. Worst case, the browser crashes or the system reboots. It does seem like the kind of thing that ought to have been caught earlier.

Of particular note, IE is exposed up to IE9 [1].

--
John Bambenek
bambenek /at/ gmail dot com

[1] This is what the advisory says; I'm not sure that makes much sense.


Comments

Killing a random process is basically normal behavior for most Linux distributions in an out-of-memory situation. The kernel OOM killer has never been very deterministic, although it has some heuristics that try to stop it from, say, killing the X server. It's marginally better than the alternative of a kernel panic, I suppose; there really aren't many good options when you run out of virtual memory.
