[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MS Internet Explorer 7 Denial Of Service Exploit



craig@xxxxxxxxxx wrote:
On Konqueror 3.5.9, what happens is that this childish code builds a huge string, eats memory, causes swapping, and finally blows away Konq.  Linux and X and everything else stay up and recover nicely.  (Gentoo/AMD64X2/3G mem)

This isn't an exploit -- at least not on Linux -- it's just kiddie stupidity.  It doesn't take any particular cleverness to blow memory by dynamically creating bigger and bigger data structures.  With virtual memory and 64-bit pointers, when exactly do we return -ENOMEM?

Could you be a bit more specific as to the circumstances of the DOS exploit and how this could be replicated?
Thank you.