Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!)

["Justin C. Darby" <windex () wi rr com>]

I have found that using several randomly inserted legal-sized sheets of
paper in random color assortments works best.

It's hard to trace which sheet caused the problem, making it nearly
untracable.

This can also be used as a denial of service attack in large quantities, and
remains untracable except for fingerprinting evidence on the paper.. The
expense involved however, is much too great for most script kiddies, who
can't afford new PC's to upgrade their old packard bells, let alone pallet
after pallet of paper..

:/

Justin C. Darby

----- Original Message -----
From: "Xyntrix" <xyntrix () bitz org>
To: "w1re p4ir" <w1rep4ir () disinfo net>
Cc: <vuln-dev () securityfocus com>
Sent: Monday, September 10, 2001 12:47 PM
Subject: Re: Achiever CSS-50 Personal Paper Shedder Buffer Overflow (!)


> On Mon, Sep 10, 2001 at 04:59 PM, w1re p4ir <w1rep4ir () disinfo net> said:
> > A vulnerability has been found in my companies Paper Shedder. When
putting more than the recommened paper into the shedder (but not enough for
a DoS) It allows the paper to go in. This could cause abirtary paper to
allowed in side the shredder. This vulnerability has been discovered on
Sept. 10. Achiever Has not been notified of this particular vulnerability.
> > ________________________________________________________
> > The Best News Source On The Web - http://www.disinfo.com
>
> i tried to replicate this problem and could not get it to work. i am
> currently using a stable version of a paper shredder. i also tried this
> on a post-processing paper shredding device where a third-party carries
> out the shredding process, and that also failed to acvieve a stack
> overflow. what size of paper are you using? i believe i am using 24lb,
> legal size.
>
> -----
> _______________________________________
> Mike Mclane | xyntrix at bitz dot org |
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~