Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!)

From: Steve (steveat_private)
Date: Mon Sep 10 2001 - 12:14:01 PDT


    Vulnerability confirmed on both the CSS-50 and CSS-60 models.  Also, it has 
    been noted that by using malformed paper sizes a malicious attacker could 
    effectively DoS the device or cause random failures.  I estimate that over 
    75% of paper shredders in the world are affected by this.  Someone should 
    inform CERT and NIPC.
    
    :-)
    
    
    At 10:47 AM 10/09/2001 -0700, Xyntrix wrote:
    >On Mon, Sep 10, 2001 at 04:59 PM, w1re p4ir <w1rep4irat_private> said:
    > > A vulnerability has been found in my company's Paper Shredder. When 
    > putting more than the recommended paper into the shredder (but not enough 
    > for a DoS) it allows the paper to go in. This could cause arbitrary paper 
    > to be allowed inside the shredder. This vulnerability has been discovered 
    > on Sept. 10. Achiever has not been notified of this particular vulnerability.
    > >
    > > ________________________________________________________
    > > The Best News Source On The Web - http://www.disinfo.com
    >
    >i tried to replicate this problem and could not get it to work. i am
    >currently using a stable version of a paper shredder. i also tried this
    >on a post-processing paper shredding device where a third-party carries
    >out the shredding process, and that also failed to achieve a stack
    >overflow. what size of paper are you using? i believe i am using 24lb,
    >legal size.
    >
    >-----
    >_______________________________________
    >Mike Mclane | xyntrix at bitz dot org |
    >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    


