Check Point Advisories

Mozilla SOAPParameter Integer Overflow (CVE-2004-0722)

Check Point Reference: CPAI-2004-163
Date Published: 15 Mar 2010
Severity: Medium
Last Updated: Thursday 11 August, 2016
Source:
Industry Reference: CVE-2004-0722
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description

Simple Object Access Protocol (SOAP) is an XML-based protocol that allows for an easy exchange of information over the Internet. It is commonly used for building web services. Mozilla has built-in SOAP support, provided through a JavaScript interface for a series of objects designed to create, send, and receive SOAP messages.

A vulnerability exists in the implementation of SOAP in several versions of the Mozilla and Netscape browsers. A specially crafted HTML page containing script code that leverages this vulnerability can allow an attacker to crash a client's browser application, or potentially introduce arbitrary code into the process flow, compromising the system.

In a simple denial of service attack case, the affected web browser will crash upon opening the malicious HTML page. Similarly, the vulnerable mail client will crash upon opening or previewing the malicious HTML mail. If an attacker performs a more complete code injection attack, then the behavior of the target is dependent entirely on the injected code.

Experiments show that the behavior of the vulnerable products differs on Linux with regard to the excessively large array that is passed into the SOAPParameter constructor. This large array can be created with a large size (e.g., new Array(...)) or resized to a large size by a large index (e.g., arrayObject[index] = ...). On Linux, Mozilla will attempt to allocate all the elements of the array. First, there is a long wait in Mozilla as it tries to allocate a large array. Second, since the malicious script is attempting to create an array that is over 1 gigabyte in memory, an average system will run out of memory. The Linux operating system will terminate the Mozilla process because of the out of memory condition. As such, the vulnerability is never triggered.
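The bug class this advisory names, shown as an added example that is not Mozilla's code and not part of the original advisory: a buffer size computed from a script-supplied array length wraps around, next to the bounds check that prevents it. The 32-bit size arithmetic, the 4-byte element size and the function names are assumptions, since the advisory does not give the affected code.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 32-bit size arithmetic and 4-byte elements, chosen to model a
 * 32-bit build; the advisory does not state the real values. */
#define ELEM_SIZE 4u

/* Vulnerable pattern: the product wraps modulo 2^32, so a huge element
 * count yields a small byte count and therefore an undersized buffer. */
uint32_t unchecked_alloc_bytes(uint32_t count)
{
    return count * ELEM_SIZE;
}

/* Hardened pattern: reject any count whose byte size cannot be represented,
 * before any allocation or copy takes place. */
bool checked_alloc_bytes(uint32_t count, uint32_t *out_bytes)
{
    if (count > UINT32_MAX / ELEM_SIZE)
        return false;
    *out_bytes = count * ELEM_SIZE;
    return true;
}

int main(void)
{
    /* Constructed sample lengths: one ordinary, two beyond the safe bound. */
    const uint32_t lengths[] = { 16u, 0x40000000u, 0x40000001u };

    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        uint32_t bytes = 0;
        bool ok = checked_alloc_bytes(lengths[i], &bytes);
        printf("length=%u unchecked_bytes=%u checked=%s\n",
               (unsigned)lengths[i],
               (unsigned)unchecked_alloc_bytes(lengths[i]),
               ok ? "accepted" : "rejected");
    }
    return 0;
}
```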

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

To activate the protection, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on the Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections, find the Mozilla SOAPParameter Integer Overflow protection using the Search tool, and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Web Client Enforcement Violation.
Attack Information:  Mozilla SOAPParameter Integer Overflow
