View Full Version : Re: Apple Mac OS X Safari 2.0.3 Vulnerability



Billy Bues
26/04/06, 01:20
Locked machine up for 3 minutes, then Safari crashed and the machine recovered.
OSX 10.4.5 PPC Safari 2.0.3


On 4/25/06, Tom Ferris <tommy@security-protocols.com> wrote:
> Just tested on the following:
>
> OS X 10.4.6 PPC with Safari 2.0.3 (417.9.2)
>
> Completely locked up my machine.. ;)
>
> Tom Ferris
> Researcher
> www.security-protocols.com
> Key fingerprint = 0DFA 6275 BA05 0380 DD91 34AD C909 A338 D1AF 5D78
>
> On Mon, 24 Apr 2006, Colin Keigher wrote:
>
> > It seems to affect older versions also.
> >
> > Tested on:
> > iBook G4 with Mac OS X 10.3.9 (Build 7W98) + all updates from Apple
> >
> > Version affected:
> > Safari 1.3.1 (312.3.1) under 10.3.9
> >
> > Colin Keigher
> > colinkeigherREMOVEFORAFREEPRIZEtelus.net
> >
> > On 24-Apr-06, at 11:00 AM, " " <security@slashdot.ch> <security@slashdot.ch>
> > wrote:
> >
> >>
> >>
> >> Apple Mac OS X Safari 2.0.3 Vulnerability
> >> =========================================
> >>
> >> Release Date:
> >> April 23th, 2006
> >>
> >> Vendor:
> >> Apple Computer Inc.
> >>
> >> Tested on:
> >> iBook G4 1.2 GHz with Mac OS X 10.4.5 (Build 8H14) + all Updates from Apple
> >> except "10.4.6 Update"
> >> iBook G4 1.33 GHz with Mac OS X 10.4.6 (Build 8I127) + all Updates from
> >> Apple
> >> PowerMac G4 Dual 867 MHz with Mac OS X 10.4.6 (Build 8I127) + all Updates
> >> from Apple
> >> iMac G4 800 MHz with Mac OS X 10.4.6 (Build 8I127) + all Updates from Apple
> >>
> >> Versions affected:
> >> Safari 2.0.3 (417.9.2) latest version under 10.4.5 (Build 8H14) and perhaps
> >> prior versions
> >> Safari 2.0.3 (417.9.2) latest version under 10.4.6 (Build 8I127) and
> >> perhaps prior versions
> >>
> >> Overview:
> >> A vulnerability exists in Safari 2.0.3 (417.9.2) and perhaps in prior
> >> versions which causes the operating system to slow down SRCOD (Spinning
> >> Rainbow Cursor Of Death), and therefore, it's not possible to launch any
> >> applications like Terminal to kill the process. After several minutes
> >> Safari crashes.
> >>
> >> Technical Details:
> >> Create a new File with following code ...
> >>
> >> <HTML>
> >> <TABLE>
> >> <TR><TD ROWSPAN=2000000000>
> >>
> >> .. then save it as a .html file (example.html) now open it in Safari. The
> >> application takes a lot of CPU and RAM slowing down the operating system
> >> SRCOD (Spinning Rainbow Cursor Of Death), and it is no longer possible to
> >> use OSX even "apple" + "ALT" + "ESC" is working very slow!
> >> Go around and pull the power cable out or press the startbutton for a while
> >> to shut down the computer.
> >>
> >> For an example click at the link with Safari (WARNING: That crashes Safari
> >> after several minutes and first the SRCOD (Spinning Rainbow Cursor Of Death)
> >> is there for all the time!)
> >> http://www.yanux.ch/exploits/safari/example.html
> >>
> >> Report:
> >> iMac G4 800 MHz with Mac OS X 10.4.6 (Build 8I127) + all Updates from Apple
> >> http://www.yanux.ch/exploits/safari/bugreport_imac_g4.txt
> >>
> >> Vendor Status:
> >> Apple has been notified of this issue on 04/23/2006
> >>
> >> Solution:
> >> Currently no patches have been released for this vulnerability.
> >>
> >> Discovered by:
> >> Yannick von Arx
> >> yannick[dot]vonarx[at]yanux[dot]ch
> >>
> >> ____________________________
> >>
> >> e-mail:yannick.vonarx@yanux.ch
> >> web: www.yanux.ch
> >>
> >
>
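
A defender-side check for the table markup quoted in the advisory above, as an added example that is not part of the original thread: it scans HTML for `rowspan`/`colspan` values larger than the limits the current HTML Standard tells browsers to clamp to. The names `SpanAuditor` and `audit_spans` are hypothetical, and using the clamp limits as alert thresholds is an assumption of this example.

```python
import re
from html.parser import HTMLParser

# Clamp limits from the current HTML Standard (rowspan 0..65534,
# colspan 1..1000). Treating them as alert thresholds is an assumption.
SPAN_LIMITS = {"rowspan": 65534, "colspan": 1000}

# Browsers skip leading ASCII whitespace, accept an optional "+", and
# ignore trailing junk when parsing these attributes, so the scanner
# does the same to avoid being sidestepped by values like " +5000px".
_LEADING_INT = re.compile(r"[ \t\n\f\r]*\+?([0-9]+)")


class SpanAuditor(HTMLParser):
    """Collects table cells whose span attributes exceed SPAN_LIMITS."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag not in ("td", "th"):
            return
        for name, value in attrs:
            if name not in SPAN_LIMITS or value is None:
                continue
            match = _LEADING_INT.match(value)
            if match is None:
                continue  # not a number: browsers fall back to a span of 1
            span = int(match.group(1))
            if span > SPAN_LIMITS[name]:
                line, _column = self.getpos()
                self.findings.append((line, tag, name, span))


def audit_spans(html_text):
    """Return a list of (line, tag, attribute, value) for oversized spans."""
    auditor = SpanAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    # Constructed sample: the three lines of markup quoted in the advisory.
    sample = "<HTML>\n<TABLE>\n<TR><TD ROWSPAN=2000000000>\n"
    for finding in audit_spans(sample):
        print("oversized span at line %d: <%s %s=%d>" % finding)
```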