int13h-SA-004

int13h-SA-004-Toilet

Topic: Vulnerabilities in Toilet
Category: Pipeline
Module: U-Bend
Announced: 05-06-16
Credits: Nightmare
Affects: Basin buffer-overflow
Corrected: n/a
int13h only: NO

For general information regarding int13h Security Advisories, please visit www.int13h.com.

0. Revision History

v1.0 2005-06-16 Initial release.

I. Background

A data transfer pipeline used to move input from the basin pool to a secure centre for processing.

II. Problem Description

Input of unfiltered content that cannot be broken down into sub-items can cause blocking in pipeline::u-bend(). In most cases this can lead to a buffer overflow in the basin input pool.

III. Impact

1) In some cases the pipeline can still function under these conditions at a reduced work flow, resulting in the input buffer filling to sizes within safe working conditions.

2) Some extreme cases can cause the toilet stack to be compromised completely, leading to complete buffer overflow, in which case the current input buffer pool will be leaked into physical storage space. !!WARNING!! This will lead to unsecured viewing of the input buffer by any users viewing the system.

IV. Workaround

Possible workarounds include the use of /dev/plunger when a blockage is detected.

For data-sensitive implementations of the Toilet system it is recommended that the system is installed within a well-secured DMZ.

V. Solution
No known solution at time of notice.

www.int13h.com - Security Advisory
Be Prepared!
