From owner-freebsd-security  Tue May 18  9:40:44 1999
Delivered-To: freebsd-security@freebsd.org
Received: from xylan.com (postal.xylan.com [208.8.0.248])
	by hub.freebsd.org (Postfix) with ESMTP id 8C63014F1C
	for <security@FreeBSD.ORG>; Tue, 18 May 1999 09:40:38 -0700 (PDT)
	(envelope-from wes@softweyr.com)
Received: from mailhub.xylan.com by xylan.com (8.8.7/SMI-SVR4 (xylan-mgw 2.2 [OUT]))
	id JAA13413; Tue, 18 May 1999 09:39:39 -0700 (PDT)
Received: from omni.xylan.com by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB]))
	id JAA02426; Tue, 18 May 1999 09:39:39 -0700
Received: from softweyr.com (dyn1.utah.xylan.com) by omni.xylan.com (4.1/SMI-4.1 (xylan engr [SPOOL]))
	id AA04688; Tue, 18 May 99 09:39:33 PDT
Message-Id: <374197C5.AD8734F5@softweyr.com>
Date: Tue, 18 May 1999 10:39:33 -0600
From: Wes Peters <wes@softweyr.com>
Organization: Softweyr LLC
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
X-Accept-Language: en
Mime-Version: 1.0
To: "Rashid N. Achilov" <shelton@granch.ru>
Cc: Roger Marquis <marquis@roble.com>, security@FreeBSD.ORG
Subject: Re: HTML DOS? (http://microsoft.com/NTServer/all/Downloads.asp)
References: <Pine.GSO.3.96.990517072214.22349A-100000@roble2.roble.com> <37412A96.99E83C0E@granch.ru>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"Rashid N. Achilov" wrote:
> 
> Roger Marquis wrote:
> >
> > Has anyone attempted to browse:
> >
> >         http://microsoft.com/NTServer/all/Downloads.asp
> >
> > using Netscape Navigator and noticed what seems to be an HTML denial of
> > service?  I've tested this page with Javascript on and off, Java on and
> > off, cookies on and off, stylesheets off, under FreeBSD, Linux and
> > Solaris and the behavior is consistent:
> >
> >         * Navigator freezes for several seconds
> >         * CPU utilization climbs briefly to near 100%
> >         * memory usage climbs by 11MB
> >         * the 11MB or memory are not released even after leaving
> >           the page and clearing disk and RAM caches.
> >
> >
> 
> After 7 minutes loading Netscape break with core dump :-( CPU
> utilization slowly up to 80%, next going in swap reading state, CPU
> utilization down, Netscape down with core dump :-(...FreeBSD 2.2.8, 32Mb
> RAM, Java on, JScript on, cookies on. Netscape Communicator 4.51 english

Machine: PII/300, 64MB, NeoMagic 128.
Netscape: 4.51 Linux/ELF
FreeBSD: 3.1-RELEASE

Netscape topped out at 83.45% CPU, but drew the page in 1:05.

-- 
       "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                 Softweyr LLC
http://www.softweyr.com/~softweyr                      wes@softweyr.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message