Vulnerability confirmed on both the CSS-50 and CSS-60 models. Also, it has
been noted that by using malformed paper sizes a malicious attacker could
effectively DoS the device or cause random failures. I estimate that over
75% of paper shredders in the world are effected by this. Someone should
inform CERT and NIPC.

:-)

At 10:47 AM 10/09/2001 -0700, Xyntrix wrote:
>On Mon, Sep 10, 2001 at 04:59 PM, w1re p4ir <w1rep4irdisinfo.net> said:
> > A vulnerability has been found in my companies Paper Shedder. When
> putting more than the recommened paper into the shedder (but not enough
> for a DoS) It allows the paper to go in. This could cause abirtary paper
> to allowed in side the shredder. This vulnerability has been discovered
> on Sept. 10. Achiever Has not been notified of this particular vulnerability.
> >
> > ________________________________________________________
> > The Best News Source On The Web - http://www.disinfo.com
>
>i tried to replicate this problem and could not get it to work. i am
>currently using a stable version of a paper shredder. i also tried this
>on a post-processing paper shredding device where a third-party carries
>out the shredding process, and that also failed to acvieve a stack
>overflow. what size of paper are you using? i believe i am using 24lb,
>legal size.
>
>-----
>_______________________________________
>Mike Mclane | xyntrix at bitz dot org |
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]