[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Kmail <= 1.9.1 (latest) DOS

To: "the.soylent" <the.soylent@xxxxxxxxx>
Subject: Re: [Full-disclosure] Kmail <= 1.9.1 (latest) DOS
From: nnp <version5@xxxxxxxxx>
Date: Tue, 10 Oct 2006 02:55:00 +0100

Thats odd, I initially assumed its a resources problem on your pc,
becuase I havent had such difficulties. It crashes kMail and thats
about it.

Have you verified this on any other ubuntu systems besides your own?

Also, I've narrowed down the fuzz string a bit more so I'll post that
tomorrow. Its much smaller in size so that should rule out any
resource issues.

Later,
nnp

On 10/9/06, the.soylent <the.soylent@xxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> SecuriTeam Expert schrieb:
> > What drivers do you use for X ? (my guess nvidia).
>
> yes, nvidia ;)
> not only ff or gedit crash the x-server, also opening it with epiphany
> (0.5.1-1ubuntu1) does the job ;)
>
> ok, i tested a bit more around:
> i open the link on a fresh installed & full patched ubuntu 6.06, 32 and
> 64 bit version..(also nvidia-graphic) same effect:
>
> - -32bit-
> Linux amd3800-64 2.6.15-27-amd64-generic
> X:  7.0.0-0ubuntu45
> gnome: 1:2.12.2.3
> nvidia-kernel-common: 20051028+1
>
> - -64bit-
> Linux amd3800 2.6.15-27-k7
> gnome, x, .. : same as above
>
> firefox -> crash
> gedit -> crash
> epiphany -> crash
>
>
> interesting part:
> when the x server previously runs on tty7, it runs after crash at tty8
> and vice versa.
> at the "crashed tty" is displayed the following (64bit):
>
> *** glibc detected *** free(): invalid next size (normal):
> 0x0000000001094d50 *** glibc detected *** double free or corruption
> (!prev) 0x00000000010661e0 ***
>
> same messages on the 32bit-system (with shorter memory-addresses)
>
> tested it also on a debian-sarge-system (kde+gnome) and pleased someone
> with gentoo (fluxbox) to test it: no effect
> maybe ubuntu-specific?
>
> hope this helps,
> /soylent
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFFKqQPY86qEhC92cgRAvIOAJ44GQKNQbfIEdLoWZtw654U6JAacwCeOpb5
> gUv/8WCUEJ+ZShG6gdY/psk=
> =KT1N
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


-- 
http://silenthack.co.uk
http://smashthestack.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Kmail <= 1.9.1 (latest) DOS
  - From: the.soylent

References:
- [Full-disclosure] Kmail <= 1.9.1 (latest) DOS
  - From: nnp
- Re: [Full-disclosure] Kmail <= 1.9.1 (latest) DOS
  - From: the.soylent
- Re: [Full-disclosure] Kmail <= 1.9.1 (latest) DOS
  - From: SecuriTeam Expert
- Re: [Full-disclosure] Kmail <= 1.9.1 (latest) DOS
  - From: the.soylent

Prev by Date: Re: [Full-disclosure] Kmail <= 1.9.1 (latest) DOS
Next by Date: [Full-disclosure] [USN-360-1] awstats vulnerabilities
Previous by thread: Re: [Full-disclosure] Kmail <= 1.9.1 (latest) DOS
Next by thread: Re: [Full-disclosure] Kmail <= 1.9.1 (latest) DOS
Index(es):
- Date
- Thread