Full Disclosure mailing list archives

RE: Shoe 1.0 - Remote Lace Overflow


From: "Todd Towles" <toddtowles () brookshires com>
Date: Thu, 23 Dec 2004 07:44:17 -0600

Very funny, nice work. 

-----Original Message-----
From: full-disclosure-bounces () lists netsys com 
[mailto:full-disclosure-bounces () lists netsys com] On Behalf 
Of announce () 0x90 org
Sent: Wednesday, December 22, 2004 10:21 AM
To: bugtraq () securityfocus com; dailydave () immunitysec com; 
full-disclosure () lists netsys com
Subject: [Full-disclosure] Shoe 1.0 - Remote Lace Overflow

 Shoe 1.0 - Remote Lace Overflow
 --------------------------------------------

 This Vulnerability is in reference to the new class of remote
 vulnerabilities indicated in:
 http://www.securityfocus.com/archive/1/385078/2004-12-19/2004-12-25/2
 [Please read that first] 

 Discovery Credited To:
 ----------------------
      freshman - 0x90.org
      wxs      - 0x90.org
      txs      - 0x90.org

 Greets:
 -------
 Jonathan T. Rockway for being the smartest man alive.

 Description:
 ------------
 A remote shoe vulnerability exists that could allow for remote tripping
 and possible exposure of sensitive data to the pavement.

 Scope:
 ------
 REMOTE

 Severity:
 ---------
 Hyper-Critical. This needs no explanation.

 Vulnerability:
 --------------
 Failure to properly tie your shoe could result in tripping and a possible
 broken face upon sudden deceleration when hitting the pavement.

 Vulnerable Sizes: 
 -----------------
 6 through 13. Other sizes may be vulnerable, but were unavailable for
 testing.

 Exploitation:
 -------------
 You have a 100% secure walking system - you do not fall down, or trip over
 your own laces. A remote attacker could determine your shoe size by reading
 your livejournal FROM THE NETWORK and could MAIL YOU a shoe with extra long
 laces. You put the shoe on without tying it properly and suddenly are
 exposed to a REMOTE shoe vulnerability!

 Fix:
 ----
 Do not wear untrusted shoes sent to you. Other possible workarounds include
 sandals (aka. flip-flops). These are a good work-around and are widely
 available for those concerned about their security.

 Vendor Notification:
 --------------------
 Vendors were not notified at the time of this writing. We have chosen not to
 give advance notice because the fault is not always with the vendor of the
 shoe as a REMOTE PERSON could SNAIL MAIL a LOCAL USER a vulnerable shoe.

 We at 0x90.org believe that the users should be happy they were notified
 about this. Imagine the mass destruction and chaos that would ensue if we
 unleashed a REMOTE SHOE VULNERABILITY WORM into the wild. At this time we
 have chosen not to do that, mostly because we can not afford all the stamps
 to mail vulnerable shoes to the public.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

