[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Kmail <= 1.9.1 (latest) DOS
- To: "the.soylent" <the.soylent@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Kmail <= 1.9.1 (latest) DOS
- From: nnp <version5@xxxxxxxxx>
- Date: Tue, 10 Oct 2006 23:59:46 +0100
I have narrowed down the bug. Here is the update:
Description:
Kmail can be crashed due to incorrectly parsing certain HTML elements.
In this case the <img> tag is incorrectly parsed if the src attribute
is a malformed file link.
A sample mail can be found here
http://silenthack.co.uk/nnp/exploits/kmail/imgCrash .
On 10/10/06, the.soylent <the.soylent@xxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> nnp schrieb:
> > Have you verified this on any other ubuntu systems besides your own?
>
> Confirmed on 6 other systems, also one kubuntu (with kde) is affected.
> all have nvidia, but also some with nvidia are not affected.. strange..
> /soylent
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2.2 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFFK3ByY86qEhC92cgRAhDBAKCARhfI/baRKHqfxQkhHsxim71e0ACfZyAr
> aiBLc3mn5Qd/AHqqTKdxV6w=
> =PmXv
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
http://silenthack.co.uk
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/