KDE Konqueror Bitmap File Processing Denial of Service Vulnerability
BID:10107
Info
KDE Konqueror Bitmap File Processing Denial of Service Vulnerability
| Bugtraq ID: | 10107 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 13 2004 12:00AM |
| Updated: | Apr 13 2004 12:00AM |
| Credit: | Discovery of this issue affecting Konqueror is credited to Lasse Jespersen. |
| Vulnerable: |
KDE Konqueror 3.2.1 |
| Not Vulnerable: | |
Discussion
KDE Konqueror Bitmap File Processing Denial of Service Vulnerability
It has been reported that Konqueror may be prone to a denial of service vulnerability when processing malformed bitmap files. An attacker can cause a denial of service condition in the system by specifying a large value for a bitmap file to be loaded by the browser.
This attack may lead to a denial of service condition in the system to the exhaustion of memory resources.
This vulnerability has been tested on KDE 3.2.1 running on a Freebsd5.2-CURRENT system, however, it is possible that other versions running on different platforms are vulnerable as well. It is likely that this issue is present in a shared KDE bitmap processing component, presenting attack vectors in other applications that use the component.
This vulnerability is similar to the issue described in BID 10097 (Microsoft Internet Explorer Bitmap File Processing Denial of Service Vulnerability).
It has been reported that Konqueror may be prone to a denial of service vulnerability when processing malformed bitmap files. An attacker can cause a denial of service condition in the system by specifying a large value for a bitmap file to be loaded by the browser.
This attack may lead to a denial of service condition in the system to the exhaustion of memory resources.
This vulnerability has been tested on KDE 3.2.1 running on a Freebsd5.2-CURRENT system, however, it is possible that other versions running on different platforms are vulnerable as well. It is likely that this issue is present in a shared KDE bitmap processing component, presenting attack vectors in other applications that use the component.
This vulnerability is similar to the issue described in BID 10097 (Microsoft Internet Explorer Bitmap File Processing Denial of Service Vulnerability).
Exploit / POC
KDE Konqueror Bitmap File Processing Denial of Service Vulnerability
Proof of concept provided for BID 10097 (Microsoft Internet Explorer Bitmap File Processing Denial of Service Vulnerability) is reported to be effective in reproducing this issue as well. This proof of concept may be obtained from the following location:
http://www.4rman.com/exploits/tinybmp.htm
Proof of concept provided for BID 10097 (Microsoft Internet Explorer Bitmap File Processing Denial of Service Vulnerability) is reported to be effective in reproducing this issue as well. This proof of concept may be obtained from the following location:
http://www.4rman.com/exploits/tinybmp.htm
Solution / Fix
KDE Konqueror Bitmap File Processing Denial of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
KDE Konqueror Bitmap File Processing Denial of Service Vulnerability
References:
References: