Vulnerability confirmed on both the CSS-50 and CSS-60 models. Also, it has been noted that by using malformed paper sizes a malicious attacker could effectively DoS the device or cause random failures. I estimate that over 75% of paper shredders in the world are effected by this. Someone should inform CERT and NIPC. :-) At 10:47 AM 10/09/2001 -0700, Xyntrix wrote: >On Mon, Sep 10, 2001 at 04:59 PM, w1re p4ir <w1rep4irat_private> said: > > A vulnerability has been found in my companies Paper Shedder. When > putting more than the recommened paper into the shedder (but not enough > for a DoS) It allows the paper to go in. This could cause abirtary paper > to allowed in side the shredder. This vulnerability has been discovered > on Sept. 10. Achiever Has not been notified of this particular vulnerability. > > > > ________________________________________________________ > > The Best News Source On The Web - http://www.disinfo.com > >i tried to replicate this problem and could not get it to work. i am >currently using a stable version of a paper shredder. i also tried this >on a post-processing paper shredding device where a third-party carries >out the shredding process, and that also failed to acvieve a stack >overflow. what size of paper are you using? i believe i am using 24lb, >legal size. > >----- >_______________________________________ >Mike Mclane | xyntrix at bitz dot org | >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This archive was generated by hypermail 2b30 : Mon Sep 10 2001 - 12:36:48 PDT