Full Disclosure mailing list archives
Remote DoS/DDoS in Creative Audigy Sound Cards
From: Mike Joyce <tbl () obstinate org>
Date: Sun, 16 Mar 2003 23:28:56 -0800
Mike Joyce mjoyce () obstinate org -- Sdrawkcab Eht Security Alert March 16, 2003 Remote Denial of Service Vulnerability in computers with the Creative Audigy front panel controller. Synopsis: Sdrawkcab Eht has learned of a serious vulnerability in the Creative Audigy front panel controller that mayallow remote attackers to disable ALL services. The Creative Audigy and its derivatives are the most prevalent high-end sound card on the market. The front panel controller is used to remotely control the computer via IR. Attackers may use this vulnerability to scan for and disable all computers. Impact: The Creative Audigy is a core component of most overpaid, young, unskilled, administrators and programmers computers, and is responsible for translating Infra-Red signals into console commands for all Infra- Red-linked computers, including all Web servers. If the Audigy is attacked locally or en masse, it may result in local or widespread Internet instability. Affected Versions: All versions of the Creative Audigy sound card. Note: Sound Blaster Live! Is not effected. Description: The Creative Corporation is a non-profit organization that produces and maintains overpriced soundcards for fat administrators across the world. The Creative Audigy is included in most computers sold to under age, under skilled technology professionals. A logic error exists within the Audigy that may allow remote attackers to cause the server program (gayd) to fail and shutdown. The server must then be manually restarted. This vulnerability is present within the i_have_a_gay_remote_control() routine. Under normal operating conditions, the controller variable is null, or empty. This exploit forcefully takes control of the gay_remote_control() handle and switches the power() variable to non NULL which causes an error and calls abort(), which shuts down the server. Detection is close to impossible if use of an advanced refracting device was employed. Even so, even if detected the administrator of the system is most likely a wimpy little faggot that couldn't hurt an old malnourished jawa. Furthermore if the remote control was pointed through a refracting crystal, it would act like a smurf amplifier allowing a Distributed Denial of Service (DDoS) attack assuming that many lame administrators and programmers were near each other. Sdrawkcab Eht recommends that all Creative Audigy users downgrade to a non-gay soundcard, which has been available forever. The VIA north bridge is available in many motherboards, which can be found at the following address: http://www.pricewatch.com Sdrawckab Eht Gayness Scanner 5.0, released in February 1998, implemented a check to assess if a server is vulnerable. Sdrawkcab Eht customers are encouraged to enable the "amigay" check if they have not done so. Sdrawkcab Eht implemented Am_I_Gay() in SDW 4.5 on September 29, 2000, and Sdrawkcab Eht louness scanner shipped with "Do I have a gay soundcard request." These signatures may detect version probes for vulnerable versions of the Audigy. Sdrawkcab Eht will provide detection support for this vulnerability in an upcoming Sdrawkcab Eht Update for Imleet Network Scanner. Detection support for this attack will also be added in a future update for Louness products Additional Information: http://www.obstinate.org About Sdrawkcab Eht Founded in 1994, Internet Security Systems (Nasdaq: FUQU) is a pioneer and world leader in software and services that protect critical online resources from an ever-changing spectrum of threats and misuse. Sdrawkcab Eht is headquartered in San Diego, CA, with additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. Copyright (c) 2003 Sdrawkcab Eht, Inc. All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this document. It is not to be edited or altered in any way without the express written consent of the Internet Sdrawkcab Eht. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please email tbl () goatse cx for permission. Disclaimer: The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor Sdrawkcab Eht be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Sdrawkcab Eht PGP Key available on MIT's PGP key server and PGP.com's key server, Please send suggestions, updates, and comments to: Sdrawkcab Eht tbl () goatse cx of Sdrawkcab Eht, Inc. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Remote DoS/DDoS in Creative Audigy Sound Cards Mike Joyce (Mar 16)