Risks in attempting to resolve DoS attack:

http://www.ohio.com/bj/news/2000/October/26/docs/006715.htm
http://www.bloomington.k12.mn.us/distinfo/Safety/pg31-32.html
http://www.cdc.gov/niosh/face/stateface/ne/95ne031.html

---Matthew
*********** REPLY SEPARATOR ***********

On 9/10/2001 at 3:14 PM Steve wrote:

>Vulnerability confirmed on both the CSS-50 and CSS-60 models. Also, it
>has
>been noted that by using malformed paper sizes a malicious attacker could
>effectively DoS the device or cause random failures. I estimate that over
>75% of paper shredders in the world are effected by this. Someone should
>inform CERT and NIPC.
>
>:-)
>
>
>At 10:47 AM 10/09/2001 -0700, Xyntrix wrote:
>>On Mon, Sep 10, 2001 at 04:59 PM, w1re p4ir <w1rep4irdisinfo.net> said:
>> > A vulnerability has been found in my companies Paper Shedder. When
>> putting more than the recommened paper into the shedder (but not enough
>> for a DoS) It allows the paper to go in. This could cause abirtary paper
>> to allowed in side the shredder. This vulnerability has been discovered
>> on Sept. 10. Achiever Has not been notified of this particular
>vulnerability.
>> >
>> > ________________________________________________________
>> > The Best News Source On The Web - http://www.disinfo.com
>>
>>i tried to replicate this problem and could not get it to work. i am
>>currently using a stable version of a paper shredder. i also tried this
>>on a post-processing paper shredding device where a third-party carries
>>out the shredding process, and that also failed to acvieve a stack
>>overflow. what size of paper are you using? i believe i am using 24lb,
>>legal size.
>>
>>-----
>>_______________________________________
>>Mike Mclane | xyntrix at bitz dot org |
>>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]