Vulnerability Development mailing list archives
Multiple exploits Remote DOS Brainware 2000.11
From: Justin Hull <anon30818 () ZOTLINE COM>
Date: Mon, 30 Oct 2000 19:35:23 -0700
*** Warning: the following document contains malware. Read with care. ***

Multiple Denial-Of-Service (DOS) attacks are possible against users of Brainware 2000.11.

At Risk:
1. Users of all computing platforms except Linux.
2. People who have never used a computer.

Communication software must be installed and enabled for the attack to succeed.

Example Exploits:

Victim prompt: Paper or Plastic?
DOS response: Any string not beginning with the letter "P" (upper or lower case).

Victim prompt: You saved 41 cents.
DOS response: Compared to what?

This class of DOS is not limited to shopping cart applications. For example:

Victim prompt: Are you voting Republican or Democrat?
DOS response: Neither.

Victim prompt: What do you think the government should do about health care?
DOS response: I think government should help you fight criminals, not colds.

Other scenarios exist, but they will not be disclosed at this time to give the luser community a chance to prepare.

Severity: Medium. Workarounds exist. No patch available at this time.

There are no reports of these attacks causing a fatal or unrecoverable error. In many cases the victim will simply hang for several seconds and/or self-reboot. The victim may then repeat the prompt, enabling another DOS. In less common cases the DOS will simply be ignored. There are some indications that Brainware's response to the DOS attempt may vary depending on how long ago the software was first installed.

Some would argue that the DOS cannot really be remotely initiated because it requires the victim's cooperation to emit the prompt string prior to the attack. However, various well-known social engineering techniques can usually place the intended victim into a pre-vulnerability state from which the prompt string shortly follows.

Patch: Several patches have been attempted; however, they are usually rejected by Brainware's built-in defenses.
Workaround: Potential victims should filter OUTGOING packets containing prompt strings that signal the victim is in a vulnerable state, and/or avoid the situations that commonly lead up to the DOS.

Attempting to filter the INBOUND packets containing DOS strings is not recommended for the following reasons:
* Effective filtering would require a stateful awareness because the content of the DOS packets may be legitimate under other circumstances.
* The processing overhead for the filtering and state analysis must be performed by the potential victim. No known suitable firewalls are presently available on the market.
* Targeted victims may not have sufficient stateful awareness capacity or available processor cycles to devote to the required filtering.
* If the finger/ear protocol is implemented by the victim, all communication is hindered, which is in itself another type of DOS.

Vendor notification: Although Brainware 2000.10 has no obvious copyright message (in fact it copies itself aggressively, much like a virus), many members of the user community believe they have identified the vendor. However, multiple prayers emailed to god () heaven org went unanswered. If the vendor monitors Vuln-Dev, a current email address would be appreciated, as I'm sure many of us would be happy to work directly with the vendor on issues like this in the future.

Credits: I would like to claim credit for being the first to formally report what may turn out to be a whole new class of security vulnerabilities. However, I am sure others can immediately think of several additional DOS strings. Perhaps we should collect these in a database somewhere. I also discovered Cross Site Scripting, brute-force password cracking, and the Good Times virus, but certain nondisclosure agreements and/or fear of prosecution prevented me from reporting them.

Disclaimer: This information is intended to alert the community so users can take appropriate protective measures. Georgi Guninski is not liable for any abuse of this information, and for that matter, neither is anyone else.