OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Matthew Leeds (mleedstheleeds.net)
Date: Mon Sep 10 2001 - 15:00:52 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Risks in attempting to resolve DoS attack:

    http://www.ohio.com/bj/news/2000/October/26/docs/006715.htm
    http://www.bloomington.k12.mn.us/distinfo/Safety/pg31-32.html
    http://www.cdc.gov/niosh/face/stateface/ne/95ne031.html

    ---Matthew
    *********** REPLY SEPARATOR ***********

    On 9/10/2001 at 3:14 PM Steve wrote:

    >Vulnerability confirmed on both the CSS-50 and CSS-60 models. Also, it
    >has
    >been noted that by using malformed paper sizes a malicious attacker could
    >effectively DoS the device or cause random failures. I estimate that over
    >75% of paper shredders in the world are effected by this. Someone should
    >inform CERT and NIPC.
    >
    >:-)
    >
    >
    >At 10:47 AM 10/09/2001 -0700, Xyntrix wrote:
    >>On Mon, Sep 10, 2001 at 04:59 PM, w1re p4ir <w1rep4irdisinfo.net> said:
    >> > A vulnerability has been found in my companies Paper Shedder. When
    >> putting more than the recommened paper into the shedder (but not enough
    >> for a DoS) It allows the paper to go in. This could cause abirtary paper
    >> to allowed in side the shredder. This vulnerability has been discovered
    >> on Sept. 10. Achiever Has not been notified of this particular
    >vulnerability.
    >> >
    >> > ________________________________________________________
    >> > The Best News Source On The Web - http://www.disinfo.com
    >>
    >>i tried to replicate this problem and could not get it to work. i am
    >>currently using a stable version of a paper shredder. i also tried this
    >>on a post-processing paper shredding device where a third-party carries
    >>out the shredding process, and that also failed to acvieve a stack
    >>overflow. what size of paper are you using? i believe i am using 24lb,
    >>legal size.
    >>
    >>-----
    >>_______________________________________
    >>Mike Mclane | xyntrix at bitz dot org |
    >>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~