[MajorSecurity Advisory #65]Motorola Milestone Smartphone Denial of Service

2010-02-16T00:00:00

Description

[MajorSecurity Advisory #65]Motorola Milestone Smartphone Denial of Service Details ============ Product: Motorola Milestone(Droid) Smartphone Security-Risk: low Remote-Exploit: yes Vendor-URL: http://www.motorola.com/ Vendor-Status: informed Advisory-Status: published on 02-02-2010 Credits ============ Discovered by: David Vieira-Kurz http://www.majorsecurity.info Affected Products: ============ Motorola Milestone(Droid) smartphone Browser with following useragent: Mozilla/5.0 (Linux; U; Android 2.0; de-de; Milestone Build/SHOLS_U2_01.03.1) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17 Original Advisory: ============ http://www.majorsecurity.info/index_2.php?adv=major_rls65 Introduction ============ The Motorola Milestone(droid) is a smartphone produced by Motorola based on the android operation system. More Details ============ A remotely exploitable vulnerability has been found in the JavaScript Engine of the MobileSafari Browser(based on Webkit Engine) used on the Motorola Milestone(droid) smartphone. In detail, the following flaw was determined: The Motorola Milestone(Droid) is prone to a denial of service vulnerability when parsing certain HTML content. This is possible due to a failure in handling exceptional conditions. This issue is caused by a memory corruption error when handling javascript elements, which could be exploited by remote attackers to crash the browser by tricking a user into visiting a specially crafted web page. This issue can NOT be lead to remote code execution, so that the potential security risk is rated low. The exploit has been tested on a Motorola Milestone(Droid) using following useragent: Mozilla/5.0 (Linux; U; Android 2.0; de-de; Milestone Build/SHOLS_U2_01.03.1) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17 Proof of Concept: ============ &lt;script&gt; var overloadtag = "&lt;marquee&gt;"; for(x=1;x<=9999999999999;x++){ document.write(overloadtag); } &lt;/script&gt; MajorSecurity ================ MajorSecurity is a German penetrationtesting and security research company which focuses on web application security. We offer professional penetrationtestings, security audits, source code reviews and reliable proof of concepts. You will find more Information about MajorSecurity at http://www.majorsecurity.info/ Unaltered electronic reproduction of this advisory is permitted. For all other reproduction or publication, in printing or otherwise, contact david@majorsecurity.info for permission. Use of the advisory constitutes acceptance for use in an "as is" condition. All warranties are excluded. In no event shall majorsecurity and David Vieira-Kurz IT Security Services be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if majorsecurity has been advised of the possibility of such damages. Copyright 2010 MajorSecurity and David Vieira-Kurz IT Security Services. All rights reserved. Terms of use apply.

{"id": "SECURITYVULNS:DOC:23234", "bulletinFamily": "software", "title": "[MajorSecurity Advisory #65]Motorola Milestone Smartphone Denial of Service", "description": "[MajorSecurity Advisory #65]Motorola Milestone Smartphone Denial of Service\r\n\r\nDetails\r\n============\r\nProduct: Motorola Milestone(Droid) Smartphone\r\nSecurity-Risk: low\r\nRemote-Exploit: yes\r\nVendor-URL: http://www.motorola.com/\r\nVendor-Status: informed\r\nAdvisory-Status: published on 02-02-2010\r\n\r\nCredits\r\n============\r\nDiscovered by: David Vieira-Kurz\r\nhttp://www.majorsecurity.info\r\n\r\nAffected Products:\r\n============\r\nMotorola Milestone(Droid) smartphone Browser with following useragent:\r\nMozilla/5.0 (Linux; U; Android 2.0; de-de; Milestone Build/SHOLS_U2_01.03.1) AppleWebKit/530.17\r\n(KHTML, like Gecko) Version/4.0 Mobile Safari/530.17\r\n\r\nOriginal Advisory:\r\n============\r\nhttp://www.majorsecurity.info/index_2.php?adv=major_rls65\r\n\r\nIntroduction\r\n============\r\nThe Motorola Milestone(droid) is a smartphone produced by Motorola based on the android operation\r\nsystem.\r\n\r\nMore Details\r\n============\r\nA remotely exploitable vulnerability has been found in the JavaScript Engine of the MobileSafari\r\nBrowser(based on Webkit Engine) used on the Motorola Milestone(droid) smartphone.\r\nIn detail, the following flaw was determined:\r\nThe Motorola Milestone(Droid) is prone to a denial of service vulnerability when parsing certain HTML\r\ncontent. \r\nThis is possible due to a failure in handling exceptional conditions.\r\nThis issue is caused by a memory corruption error when handling javascript elements,\r\nwhich could be exploited by remote attackers to crash the browser by tricking a user into visiting a\r\nspecially crafted web page.\r\nThis issue can NOT be lead to remote code execution, so that the potential security risk is rated low.\r\n\r\nThe exploit has been tested on a Motorola Milestone(Droid) using following useragent:\r\n\r\nMozilla/5.0 (Linux; U; Android 2.0; de-de; Milestone Build/SHOLS_U2_01.03.1) AppleWebKit/530.17\r\n(KHTML, like Gecko) Version/4.0 Mobile Safari/530.17\r\n\r\nProof of Concept:\r\n============\r\n &lt;script&gt;\r\n var overloadtag = "&lt;marquee&gt;";\r\n for(x=1;x<=9999999999999;x++){\r\n document.write(overloadtag);\r\n }\r\n &lt;/script&gt;\r\n\r\nMajorSecurity\r\n================\r\nMajorSecurity is a German penetrationtesting and security research company which focuses\r\non web application security. We offer professional penetrationtestings, security audits,\r\nsource code reviews and reliable proof of concepts. You will find more Information about MajorSecurity\r\nat http://www.majorsecurity.info/\r\nUnaltered electronic reproduction of this advisory is permitted. For all other reproduction or\r\npublication, in printing or otherwise, contact david@majorsecurity.info for permission.\r\nUse of the advisory constitutes acceptance for use in an "as is" condition. All warranties are\r\nexcluded. In no event shall majorsecurity and David Vieira-Kurz IT Security Services be liable for any\r\ndamages whatsoever including direct, indirect, incidental, consequential, loss of business profits or\r\nspecial damages, even if majorsecurity has been advised of the possibility of such damages. Copyright\r\n2010 MajorSecurity and David Vieira-Kurz IT Security Services. All rights reserved. Terms of use apply. ", "published": "2010-02-16T00:00:00", "modified": "2010-02-16T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23234", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:33", "edition": 1, "viewCount": 23, "enchantments": {"score": {"value": 1.7, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10618"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:10618"]}]}, "exploitation": null, "vulnersScore": 1.7}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645275197, "score": 1659803227}, "_internal": {"score_hash": "4012b6d04e9d147ad1d6bcefdb99a592"}}