I gave it a try, this time remotely by throwing a bundle of paper at the machine but I could not establish a connection between the paper and the shredder... Yvan ----- Original Message ----- From: "Xyntrix" <xyntrixat_private> To: "w1re p4ir" <w1rep4irat_private> Cc: <vuln-devat_private> Sent: Monday, September 10, 2001 1:47 PM Subject: Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!) > On Mon, Sep 10, 2001 at 04:59 PM, w1re p4ir <w1rep4irat_private> said: > > A vulnerability has been found in my companies Paper Shedder. When putting more than the recommened paper into the shedder (but not enough for a DoS) It allows the paper to go in. This could cause abirtary paper to allowed in side the shredder. This vulnerability has been discovered on Sept. 10. Achiever Has not been notified of this particular vulnerability. > > > > ________________________________________________________ > > The Best News Source On The Web - http://www.disinfo.com > > i tried to replicate this problem and could not get it to work. i am > currently using a stable version of a paper shredder. i also tried this > on a post-processing paper shredding device where a third-party carries > out the shredding process, and that also failed to acvieve a stack > overflow. what size of paper are you using? i believe i am using 24lb, > legal size. > > ----- > _______________________________________ > Mike Mclane | xyntrix at bitz dot org | > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This archive was generated by hypermail 2b30 : Mon Sep 10 2001 - 14:31:47 PDT