Monday, October 12, 2009

Palm Pre WebOS version <= 1.1 Floating Point Crash

I. Description

Palm Pre WebOS versions <= 1.1 crash with a floating point exception when viewing a specially crafted web page. Palm has addressed this vulnerability in its latest patch, and all users are advised to update to WebOS version 1.2+.

II. Impact

If a user is sent to a malicious web page that contains specially crafted data, the "LunaSysMgr" process crashes with a floating point error. The phone is forced to restart the process, which simulates a reboot of the system. At the time of discovery, the greatest risk to the system was a crash/denial of service.

The crash does not occur when viewing the malicious web page while in landscape mode.


III. Proof of Concept

The Palm Pre WebOS will crash upon opening a web page that contains 50,280 bytes of data and then attempts to refresh itself. Upon viewing the malicious web page, the phone will "crash".

The following code, using 50280 or more characters after the refresh, will trigger the crash:

    <meta http-equiv="refresh" content="1">AAAAA...
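
As an added example (not part of the original advisory), a proxy or crawler could flag pages that match the trigger described above: a meta refresh followed by at least 50,280 bytes. The names check_page and RefreshFinder are assumptions of this sketch; it matches the advisory's description only, not the underlying fault, which the advisory does not detail.

```python
from html.parser import HTMLParser

THRESHOLD = 50280  # byte count quoted in the advisory


class RefreshFinder(HTMLParser):
    """Finds the first <meta http-equiv="refresh"> and the offset just past it."""

    def __init__(self, text):
        super().__init__(convert_charrefs=True)
        # getpos() reports (line, column); keep line start offsets to convert back.
        self.line_starts = [0] + [i + 1 for i, c in enumerate(text) if c == "\n"]
        self.refresh_end = None
        self.delay = None

    def handle_starttag(self, tag, attrs):
        if tag != "meta" or self.refresh_end is not None:
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("http-equiv", "").strip().lower() != "refresh":
            return
        line, col = self.getpos()
        start = self.line_starts[line - 1] + col
        self.refresh_end = start + len(self.get_starttag_text())
        self.delay = a.get("content", "").split(";")[0].strip()


def check_page(html, threshold=THRESHOLD):
    """Report whether a page has a meta refresh followed by >= threshold bytes."""
    finder = RefreshFinder(html)
    finder.feed(html)
    finder.close()
    if finder.refresh_end is None:
        return {"refresh": False, "delay": None, "trailing_bytes": 0, "flag": False}
    trailing = len(html[finder.refresh_end:].encode("utf-8"))
    return {"refresh": True, "delay": finder.delay,
            "trailing_bytes": trailing, "flag": trailing >= threshold}


if __name__ == "__main__":
    # Constructed samples; the threshold is lowered so the inputs stay short.
    samples = {
        "refresh, short body": '<meta http-equiv="refresh" content="30"><p>ok</p>',
        "no refresh": "<p>" + "text " * 10 + "</p>",
        "refresh, long body": '<META HTTP-EQUIV="Refresh" content="1">' + "text " * 10,
    }
    for name, page in samples.items():
        print(name, check_page(page, threshold=40))
```

A flagged page is only a candidate: long pages with a meta refresh are common, so the result is best used to prioritise review for devices still on WebOS <= 1.1.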

IV. About

This vulnerability was discovered by Townsend Ladd Harris.

Vulnerability details will be posted to: http://tlhsecurity.blogspot.com/ upon release of a patch.

30 comments:

  1. Your blog posts are great!! I will definitely come by often when I have time!!
  2. A gentleman is like water: it takes the shape of whatever holds it, square or round, and is at ease everywhere.
  3. Hatred is a double-edged sword; it hurts others and also hurts oneself.
  4. The gentleman sets a lasting resolution; the petty man is forever setting resolutions.
  5. To fly high, the seagull must first draw far back. To be fragrant and mellow, nectar must first be brewed for a long time.
  6. Say not all that you know, believe not all that you hear.
  7. Truly kind people forget the good deeds they have done; they devote themselves fully to their present work, and the past is already forgotten.
  8. If someone asks whether you will remember him when you succeed, ask whether he will remember you if you fail.
  9. It's a nice post about security. Thanks for providing such useful information. Actually, there should be proper counseling about the Security Course; it provides better security tricks, along with brightening someone's career.