Topic: Vulnerabilities in Toilet
For general information regarding int13h Security Advisories, please visit www.int13h.com.
0. Revision History
v1.0 2005-06-16 Initial release.
Data transfer pipeline used to move input from the basin pool to a secure centre for processing.
II. Problem Description
Input of unfiltered content that cannot be broken down into sub-items can cause blocking in pipeline::u-bend(). In most cases this can lead to a buffer overflow in the basin input pool.
1) In some cases the pipeline can still function under these conditions at a reduced work flow, resulting in the input buffer filling to sizes within safe working conditions.
2) Some extreme cases can cause the toilet stack to be compromised completely, leading to complete buffer overflow, in which case the current input buffer pool will be leaked into physical storage space. !!WARNING!! This will lead to unsecured viewing of the input buffer by any users viewing the system.
Possible workarounds include the use of /dev/plunger when a blockage is detected.
For data-sensitive implementations of the Toilet system, it is recommended that the system be installed within a well-secured DMZ.
No known solution at time of notice.
www.int13h.com - Security Advisory