Full Disclosure mailing list archives
Plumber Injection Attack in Bowser's Castle
From: Nelson Elhage <nelhage () ksplice com>
Date: Fri, 1 Apr 2011 09:59:04 -0400
Advisory Name: Plumber Injection Attack in Bowser's Castle Release Date: 2011-04-01 Application: Bowser's Castle Versions: Super Mario Bros., Super Mario Bros.: The Lost Levels Identifier: SMB-1985-0001 Advisory: http://blog.ksplice.com/2011/04/smb-1985-0001-advisory/ ----------------------------------------------------------------------- Vulnerability Overview ---------------------- Multiple versions of Bowser's Castle are vulnerable to a plumber injection attack. An Italian plumber could exploit this bug to bypass security measures (walk through walls) in order to rescue Peach, to defeat Bowser, or for unspecified other impact. Exploit ------- http://www.youtube.com/watch?v=rGshxZ1dYjA This vulnerability is demonstrated by "happylee-supermariobros,warped.fm2" [1]. Attacks using this exploit have been observed in the wild, and multiple other exploits are publicly available. Affected Versions ----------------- Versions of Bowser's Castle as shipped in Super Mario Bros. [2] and Super Mario Bros.: The Lost Levels [3] are affected. Solution -------- http://www.youtube.com/watch?v=nacFU7ozeZA An independently developed patch [4] is available. A binary hot patch [5] to apply the update to an existing version is also available. All users are advised to upgrade. Mitigations ----------- For users unable to apply the recommended fix, a number of mitigations are possible to reduce the impact of the vulnerability. NOTE THAT NO MITIGATION IS BELIEVED TO BE COMPLETELY EFFECTIVE. Potential mitigations include: - Employing standard defense-in-depth strategies incorporating multiple layers of defense, including Goombas [6], Koopa Troopas [7], Bullet Bills [8], and others. - Installing poison mushrooms outside your castle [9]. - Installing a firewall to limit access to affected systems. [10] - Frequently moving your princess between different castles [11]. Credit ------ The vulnerability was originally discovered by Mario and Luigi, of Mario Bros. Security Research. The provided patch and this advisory were prepared by Lakitu Cloud Security, Inc. The hot patch was developed in collaboration with Ksplice, Inc. [12] Product Overview ---------------- Bowser's Castle is King Bowser's home and the base of operations for the Koopa Troop. Bowser's Castle is the final defense against assaults by Mario to kidnap Princess Peach, and is guarded by Bowser's most powerful minions. [13] References ---------- [1] http://tasvideos.org/1715M.html [2] http://en.wikipedia.org/wiki/Super_Mario_Bros. [3] http://en.wikipedia.org/wiki/Super_Mario_Bros.:_The_Lost_Levels [4] http://blog.ksplice.com/wp-content/uploads/2011/04/smb-1985-0001.patch [5] http://blog.ksplice.com/wp-content/uploads/2011/04/patch-smb-1985-0001.sh [6] http://www.mariowiki.com/Goomba [7] http://www.mariowiki.com/Koopa_Troopa [8] http://www.mariowiki.com/Bullet_Bill [9] http://www.mariowiki.com/Firebar [10] http://tvtropes.org/pmwiki/pmwiki.php/Main/YourPrincessIsInAnotherCastle [11] http://www.mariowiki.com/Poison_Mushrooms [12] http://www.ksplice.com/ [13] http://www.mariowiki.com/Bowser%27s_Castle _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Plumber Injection Attack in Bowser's Castle Nelson Elhage (Apr 01)
- Re: Plumber Injection Attack in Bowser's Castle Dan Kaminsky (Apr 01)
- Re: Plumber Injection Attack in Bowser's Castle Zach C. (Apr 01)