Monday, October 12, 2009

Palm Pre WebOS version <= 1.1 Floating Point Crash

I. Description

The Palm Pre WebOS version <=1.1 suffers from a floating point exception crash when attempting to view a specially crafted web page. This vulnerability has been addressed in the latest patch from Palm and all users are recommended to update to WebOS version 1.2+.

II. Impact

If a user is sent to a malicious web page that contains specially crafted data, the LunaSysMgr process will crash, causing the phone to simulate a reboot. The crash itself is a floating point error that crashes the "LunaSysMgr" process and forces the phone to restart the process, simulating a reboot of the system. At the time of the discovery, the greatest risk to the system was a crash/denial of service vulnerability.

The crash does not occur when viewing the malicious web page while in landscape mode.


III Proof of Concept

The Palm Pre WebOS will crash upon opening a web page that contains 50,280 bytes of data and then attempts to refresh the page. Upon viewing the malicious web page the phone will "crash".

The following code will trigger the crash

"<meta http-equiv="refresh" content="1">AAAAA..." using 50280 or more characters after the refresh.

IV. About

This vulnerability was discovered by Townsend Ladd Harris

Vulnerability details will be posted to: http://tlhsecurity.blogspot.com/ upon release of a patch.

30 comments:

  1. 君子立恆志,小人恆立志。.................................................................                           

    ReplyDelete
  2. 真正仁慈的人,會忘記他們做過的善行,他們全心投入現在的工作,過去的事已被遺忘。..................................................

    ReplyDelete
  3. its nice post about the security thanks for providing such useful information actually there should be proper councling about the Security Course it provides a better security tricks along with to brighten someone's career.....

    ReplyDelete