where is the test vuln code ? 2009/10/28 iDefense Labs <[email protected]>
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > iDefense Security Advisory 10.28.09 > http://labs.idefense.com/intelligence/vulnerabilities/ > Oct 28, 2009 > > I. BACKGROUND > > Firefox is the Mozilla Foundation's open source internet web browser. > Among the browser's capabilities is the display of GIF images. GIF is a > widely used image format with features such as loss-less compression, > animation and color palettes. For more information, visit the URLs > shown below. > > http://www.mozilla.com/firefox/ > > http://en.wikipedia.org/wiki/Graphics_Interchange_Format > > II. DESCRIPTION > > Remote exploitation of a buffer overflow in the Mozilla Foundation's > libpr0n image processing library allows attackers to execute arbitrary > code. > > The libpr0n GIF parser was designed using a state machine which is > represented as a series of switch/case statements. One particularly > interesting state, 'gif_image_header', is responsible for interpreting > a single image/frame description record. A single GIF file may contain > many images, each with a different color map associated. > > The problem lies in the handling of changes to the color map of > subsequent images in a multiple-image GIF file. Memory reallocation is > not managed correctly and can result in an exploitable heap overflow > condition. > > III. ANALYSIS > > Exploitation of this vulnerability results in the execution of arbitrary > code with the privileges of the user running the vulnerable application. > To exploit this vulnerability, a targeted user must load a malicious Web > page created by an attacker. An attacker typically accomplishes this via > social engineering or injecting content into compromised, trusted sites. > > IV. DETECTION > > iDefense confirmed the existence of this vulnerability using Mozilla > Firefox versions 3.0.13 and 3.5.2 on 32-bit Windows XP SP3. Other > versions, and potentially other applications using libpr0n, are > suspected to be vulnerable. > > V. WORKAROUND > > Although it is not widely viewed as a viable workaround, disabling > automatic image loading can prevent exploitation of this vulnerability. > The following steps explains how to disable this setting on Firefox > 3.0.x. > > 1. From the "Tools" menu, select "Options" > 2. Navigate to the "Content" settings. > 3. Ensure that "Load images automatically" is not checked. > > VI. VENDOR RESPONSE > > Mozilla has released a patch which fixes this issue in Firefox 3.5.4, > Firefox 3.0.15, and SeaMonkey 2.0. Information about downloadable > vendor updates can be found by clicking on the URL shown. > > http://www.mozilla.com/en-US/firefox/ie.html > > VII. CVE INFORMATION > > The Common Vulnerabilities and Exposures (CVE) project has assigned the > name CVE-2009-3373 to this issue. This is a candidate for inclusion in > the CVE list (http://cve.mitre.org/), which standardizes names for > security problems. > > VIII. DISCLOSURE TIMELINE > > 08/20/2009 - Initial Vendor Notification > 10/27/2009 - Vendor Public Disclosure > 10/28/2009 - iDefense Public Disclosure > > IX. CREDIT > > This vulnerability was reported to iDefense by regenrecht. > > Get paid for vulnerability research > http://labs.idefense.com/methodology/vulnerability/vcp.php > > Free tools, research and upcoming events > http://labs.idefense.com/ > > X. LEGAL NOTICES > > Copyright © 2009 iDefense, Inc. > > Permission is granted for the redistribution of this alert > electronically. It may not be edited in any way without the express > written consent of iDefense. If you wish to reprint the whole or any > part of this alert in any other medium other than electronically, > please e-mail [email protected] for permission. > > Disclaimer: The information in the advisory is believed to be accurate > at the time of publishing based on currently available information. Use > of the information constitutes acceptance for use in an AS IS condition. > There are no warranties with regard to this information. Neither the > author nor the publisher accepts any liability for any direct, > indirect, or consequential loss or damage arising from use of, or > reliance on, this information. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iD8DBQFK6J6Ybjs6HoxIfBkRAn01AKDDafS/+W3ifh/UXOfAMQgGpk/YGgCfc0Uo > 4FncE3T7P7SeNFaDcuNg3G8= > =/3we > -----END PGP SIGNATURE----- >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
