[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: MS Internet Explorer 7 Denial Of Service Exploit
Could you be a bit more specific as to the circumstances of the DOS
exploit and how this could be replicated?
On Konqueror 3.5.9, what happens is that this childish code builds a huge string, eats memory, causes swapping, and finally blows away Konq. Linux and X and everything else stay up and recover nicely. (Gentoo/AMD64X2/3G mem)
This isn't an exploit -- at least not on Linux -- it's just kiddie stupidity. It doesn't take any particular cleverness to blow memory by dynamically creating bigger and bigger data structures. With virtual memory and 64-bit pointers, when exactly do we return -ENOMEM?