Vulnerability Development mailing list archives
RE: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!)
From: "Robert Hagen" <robert_hagen () globalcrossing com>
Date: Mon, 10 Sep 2001 16:24:45 -0400
<soapbox> I don't mean to spark off another "full disclosure" debate here, but I really feel that posting this exploit to the list before the vendor has even been notified constitutes an act of professional negligence. We're kidding ourselves if we don't think that hordes of script kiddies subscribe to this list looking for 'sploits to add to their arsenals. That's the last thing we need is a CodeShred worm wreaking havoc on paper shredders around the world and taking the DoD's entire shredder network offline. Next time, please ensure the vendor has been notified and given adequate time to produce a fix prior to releasing exploit code. It's our responsibility as security professionals. </soapbox> -rdh-
-----Original Message----- From: mrcdz [mailto:mrcdz () datavibe net] Sent: Monday, September 10, 2001 3:46 PM To: vuln-dev () securityfocus com Subject: Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) PAPER SHREDDER REMOTE EXPLOIT VERSION 8.5x11p EFFECTED MODELS: CSS-50/60 and many like it. ;) Exploitation of stack based overflow in multiple vendor paper shredders. 1. Print this message on eight and a half by eleven photocopier paper. 2. Make 2,147,483,648 copies with photocopier. - Photocopier must be trusted host by Paper Shredder! 3. Load into paper shredder 1,024 pages at a time. - WARNING: This causes VERY high load on some shredders. Expect some delay. Once 2,147,483,648 exploit documents have been shredded, the shredder's internal count of shredded documents will become unsigned. My department manager has informed me that this unsignedness can cause damage to nearby hosts, and personal injury to administrators and users. "It just started spitting out deadly shreds of paper giving me 100 paper cuts". Research on this vulnerability as well as forensic analysis performed against my department manager's forehead has shown this unsignedness causes the motor inside the shredder to spin in the opposite direction. Administrators please update their JetDirect firmware immediately, as exploits for this vulnerability have already been seen circulating in the underground. It is very possible an attacker could use this vulnerability and gain access to the shredder remotely via jetdirect-x10-shreddertunnel.c. Vendors have not yet been informed of this vulnerability and may also be affected. Please do not forward this message to the vendors as it is a live exploit and may get passed to shredders inside corporate networks. During recent testing, it has also come to my attention that inserting this exploit document into the shredder after dunking it in water for 5 minutes; The shredder will catch on fire. Please test in an open room with proper protective materials. ----- if this line gets shredded, the exploit was successful! ----- On Mon, Sep 10, 2001 at 03:14:01PM -0400, Steve wrote:Vulnerability confirmed on both the CSS-50 and CSS-60 models.Also, it hasbeen noted that by using malformed paper sizes a maliciousattacker couldeffectively DoS the device or cause random failures. Iestimate that over75% of paper shredders in the world are effected by this.Someone shouldinform CERT and NIPC. :-) At 10:47 AM 10/09/2001 -0700, Xyntrix wrote:On Mon, Sep 10, 2001 at 04:59 PM, w1re p4ir<w1rep4ir () disinfo net> said:A vulnerability has been found in my companies Paper Shedder. Whenputting more than the recommened paper into the shedder (butnot enoughfor a DoS) It allows the paper to go in. This could causeabirtary paperto allowed in side the shredder. This vulnerability has beendiscoveredon Sept. 10. Achiever Has not been notified of thisparticular vulnerability.________________________________________________________ The Best News Source On The Web - http://www.disinfo.comi tried to replicate this problem and could not get it to work. i am currently using a stable version of a paper shredder. i also tried this on a post-processing paper shredding device where a third-party carries out the shredding process, and that also failed to acvieve a stack overflow. what size of paper are you using? i believe i am using 24lb, legal size. ----- _______________________________________ Mike Mclane | xyntrix at bitz dot org | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Current thread:
- Achiever CSS-50 Personal Paper Shedder Buffer Overflow (Humor) w1re p4ir (Sep 10)
- Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) Xyntrix (Sep 10)
- Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) Steve (Sep 10)
- Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) mrcdz (Sep 10)
- RE: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) Robert Hagen (Sep 10)
- Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) Matthew Leeds (Sep 10)
- Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) Steve (Sep 10)
- Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) Justin C. Darby (Sep 10)
- Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) - Remote Yvan Laverdiere (Sep 10)
- Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) Xyntrix (Sep 10)
- Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (Humor) Blue Boar (Sep 10)