Vulnerability Development mailing list archives
Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!)
From: "Matthew Leeds" <mleeds () theleeds net>
Date: Mon, 10 Sep 2001 13:00:52 -0700
Risks in attempting to resolve DoS attack: http://www.ohio.com/bj/news/2000/October/26/docs/006715.htm http://www.bloomington.k12.mn.us/distinfo/Safety/pg31-32.html http://www.cdc.gov/niosh/face/stateface/ne/95ne031.html ---Matthew *********** REPLY SEPARATOR *********** On 9/10/2001 at 3:14 PM Steve wrote:
Vulnerability confirmed on both the CSS-50 and CSS-60 models. Also, it has been noted that by using malformed paper sizes a malicious attacker could effectively DoS the device or cause random failures. I estimate that over 75% of paper shredders in the world are effected by this. Someone should inform CERT and NIPC. :-) At 10:47 AM 10/09/2001 -0700, Xyntrix wrote:On Mon, Sep 10, 2001 at 04:59 PM, w1re p4ir <w1rep4ir () disinfo net> said:A vulnerability has been found in my companies Paper Shedder. Whenputting more than the recommened paper into the shedder (but not enough for a DoS) It allows the paper to go in. This could cause abirtary paper to allowed in side the shredder. This vulnerability has been discovered on Sept. 10. Achiever Has not been notified of this particularvulnerability.________________________________________________________ The Best News Source On The Web - http://www.disinfo.comi tried to replicate this problem and could not get it to work. i am currently using a stable version of a paper shredder. i also tried this on a post-processing paper shredding device where a third-party carries out the shredding process, and that also failed to acvieve a stack overflow. what size of paper are you using? i believe i am using 24lb, legal size. ----- _______________________________________ Mike Mclane | xyntrix at bitz dot org | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Current thread:
- Achiever CSS-50 Personal Paper Shedder Buffer Overflow (Humor) w1re p4ir (Sep 10)
- Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) Xyntrix (Sep 10)
- Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) Steve (Sep 10)
- Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) mrcdz (Sep 10)
- RE: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) Robert Hagen (Sep 10)
- Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) Matthew Leeds (Sep 10)
- Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) Steve (Sep 10)
- Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) Justin C. Darby (Sep 10)
- Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) - Remote Yvan Laverdiere (Sep 10)
- Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) Xyntrix (Sep 10)
- Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (Humor) Blue Boar (Sep 10)