
SANS ISC: Cross-Platform, Cross-Browser DoS Vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums


Cross-Platform, Cross-Browser DoS Vulnerability

G-SEC posted an advisory of a nifty little vulnerability that affects most browsers on most platforms, including mobile devices (i.e. iPhones) and gaming consoles. In essence, it requires a malicious webpage to call the select() function with a large integer. For the most part, this can allocate up to 2 GB of RAM and bring most systems to a grinding halt.  My favorite is the Konqueror / Ubuntu combination in which a large amount of memory is allocated and then Ubuntu starts killing random processes. Hot.

Some patches are out; some devices would strike me as non-trivial to patch. Impact is minor and I doubt there will be widespread exploitation of this because of the inability to execute code locally. Worst case, browser crashes or system reboots. It does seem like the kind of thing that ought to have been caught earlier.

Of particular note, IE is exposed up to IE9 [1].

--
John Bambenek
bambenek /at/ gmail dot com

[1] This is what the advisory says; I'm not sure that makes much sense.

Killing a random process is basically normal behavior for most Linux distributions in an out-of-memory situation. The kernel OOM killer has never been very deterministic, although it has some heuristics that try to stop it from, say, killing the X server. It's marginally better than the alternative of a kernel panic, I suppose; there really aren't many good options when you run out of virtual memory.
Anonymous
