Risks in attempting to resolve DoS attack: http://www.ohio.com/bj/news/2000/October/26/docs/006715.htm http://www.bloomington.k12.mn.us/distinfo/Safety/pg31-32.html http://www.cdc.gov/niosh/face/stateface/ne/95ne031.html ---Matthew *********** REPLY SEPARATOR *********** On 9/10/2001 at 3:14 PM Steve wrote: >Vulnerability confirmed on both the CSS-50 and CSS-60 models. Also, it >has >been noted that by using malformed paper sizes a malicious attacker could >effectively DoS the device or cause random failures. I estimate that over >75% of paper shredders in the world are effected by this. Someone should >inform CERT and NIPC. > >:-) > > >At 10:47 AM 10/09/2001 -0700, Xyntrix wrote: >>On Mon, Sep 10, 2001 at 04:59 PM, w1re p4ir <w1rep4irat_private> said: >> > A vulnerability has been found in my companies Paper Shedder. When >> putting more than the recommened paper into the shedder (but not enough >> for a DoS) It allows the paper to go in. This could cause abirtary paper >> to allowed in side the shredder. This vulnerability has been discovered >> on Sept. 10. Achiever Has not been notified of this particular >vulnerability. >> > >> > ________________________________________________________ >> > The Best News Source On The Web - http://www.disinfo.com >> >>i tried to replicate this problem and could not get it to work. i am >>currently using a stable version of a paper shredder. i also tried this >>on a post-processing paper shredding device where a third-party carries >>out the shredding process, and that also failed to acvieve a stack >>overflow. what size of paper are you using? i believe i am using 24lb, >>legal size. >> >>----- >>_______________________________________ >>Mike Mclane | xyntrix at bitz dot org | >>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This archive was generated by hypermail 2b30 : Mon Sep 10 2001 - 15:24:21 PDT