MOAB #29, does it include a Safari denial of service attack?

burn.red...@gmail.com

Jan 30, 2007, 5:57:35 AM
to MOAB Fixes
Whenever I try to view the latest MOAB (#29), Safari goes into
beachball mode and I have to force quit it. I've tried to reproduce
this 3 times now and it has happened every time. Doesn't happen in
Firefox.

Could it be that the MOAB team is again trying, in their wisdom, to
"teach us all a lesson"?

Landon Fuller

Jan 30, 2007, 12:15:50 PM
to moab...@googlegroups.com

On Jan 30, 2007, at 2:57 AM, burn.red...@gmail.com wrote:

>
> Whenever I try to view the latest MOAB (#29), Safari goes into
> beachball mode and I have to force quit it. I've tried to reproduce
> this 3 times now and it has happened every time. Doesn't happen in
> Firefox.

<img src="bug-files/heat-up.jp2" alt="" height="1" width="1" />
<!-- Never use the macbook at bed again when browsing the MoAB or you
will fry your balls, looper -->

I haven't had time to look at it, but Matt Beaumont did some digging,
and it sounds like the image causes an infinite loop in
CoreGraphics' jpeg2000 implementation.

Matt Beaumont

Jan 30, 2007, 12:29:30 PM
to moab...@googlegroups.com
On Tue, Jan 30, 2007 at 9:15:50 -0800, Landon Fuller wrote:
> I haven't had time to look at it, but Matt Beaumont did some digging,
> and it sounds like the image causes an infinite loop in
> CoreGraphics' jpeg2000 implementation.

Should've mentioned this last night on-list, but I was busy with some
C++ reversing :)

FWIW, the relevant library is Kakadu [1], licensed by Apple for use with
CG. It lives in
'/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJP2.dylib'.

I'm not actually sure that the loop is infinite, per se, but certainly
very, very large -- 300000-ish iterations of the outermost loop times
3-5 iterations of the next loop in, and on occasion, some
0x1212-iteration loops within that.

-Matt

[1] http://www.kakadusoftware.com/

Rosyna

Jan 30, 2007, 12:43:24 PM
to moab...@googlegroups.com, Landon Fuller
Looks like another childish attack. Especially given the comment.

Watch, it'll be gone in a few hours with a note that people shouldn't
be putting up fake logs and lies about Moab putting up JPEG2000
images that cause massive loops.

Ack, at 1/30/07, Landon Fuller said:

><img src="bug-files/heat-up.jp2" alt="" height="1" width="1" />
><!-- Never use the macbook at bed again when browsing the MoAB or
>you will fry your balls, looper -->
>
>I haven't had time to look at it, but Matt Beaumont did some
>digging, and it sounds like the image causes an infinite loop in
>CoreGraphics' jpeg2000 implementation.

--


Sincerely,
Rosyna Keller
Technical Support/Carbon troll/Always needs a hug

Unsanity: Unsane Tools for Insanely Great People

It's either this, or imagining Phil Schiller in a thong.

al...@opendoor.com

Jan 30, 2007, 5:00:51 PM
to MOAB Fixes
FWIW, our security blog, isfym.com, has been covering this developing
issue. If you guys figure out what the exact vulnerability is,
anything else the published file does, and/or come up with a fix, I'm
sure a lot of people would be grateful.

Alan Oppenheimer
Open Door Networks

OldMacFan

Jan 31, 2007, 2:10:41 PM
to MOAB Fixes

Camino seems unaffected by the issue; Preview is affected by the
issue, as I assumed it would be.

wm_w...@hotmail.com

Feb 9, 2007, 11:58:46 PM
to MOAB Fixes
Hi!

> Could it be that the MOAB team is again trying, in their wisdom, to
> "teach us all a lesson"?

I don't know, but it caused my Power Mac QuickSilver G4 (10.4.8) to
experience browser lockups no matter what browser I was using. Safari,
Firefox and Camino all died in the same way...a constant beach ball of
death, followed by my forcing the affected browser to quit. This
computer was upgraded to a 1.8GHz CPU and it never came back even
after several minutes.

I think the people behind MOAB really do want to be taken seriously.
Unfortunately, that simply isn't the way to do it.
