| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 1 Apr 2011 09:59:04 -0400
From: Nelson Elhage <nelhage@...lice.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Plumber Injection Attack in Bowser's Castle
Advisory Name: Plumber Injection Attack in Bowser's Castle
Release Date: 2011-04-01
Application: Bowser's Castle
Versions: Super Mario Bros., Super Mario Bros.: The Lost Levels
Identifier: SMB-1985-0001
Advisory: http://blog.ksplice.com/2011/04/smb-1985-0001-advisory/
-----------------------------------------------------------------------
Vulnerability Overview
----------------------
Multiple versions of Bowser's Castle are vulnerable to a plumber injection
attack. An Italian plumber could exploit this bug to bypass security measures
(walk through walls) in order to rescue Peach, to defeat Bowser, or for
unspecified other impact.
Exploit
-------
http://www.youtube.com/watch?v=rGshxZ1dYjA
This vulnerability is demonstrated by
"happylee-supermariobros,warped.fm2" [1]. Attacks using this
exploit have been observed in the wild, and multiple other exploits
are publicly available.
Affected Versions
-----------------
Versions of Bowser's Castle as shipped in Super Mario Bros. [2] and Super
Mario Bros.: The Lost Levels [3] are affected.
Solution
--------
http://www.youtube.com/watch?v=nacFU7ozeZA
An independently developed patch [4] is available.
A binary hot patch [5] to apply the update to an existing version is also
available.
All users are advised to upgrade.
Mitigations
-----------
For users unable to apply the recommended fix, a number of
mitigations are possible to reduce the impact of the vulnerability.
NOTE THAT NO MITIGATION IS BELIEVED TO BE COMPLETELY EFFECTIVE.
Potential mitigations include:
- Employing standard defense-in-depth strategies incorporating
multiple layers of defense, including Goombas [6], Koopa Troopas [7],
Bullet Bills [8], and others.
- Installing poison mushrooms outside your castle [9].
- Installing a firewall to limit access to affected systems. [10]
- Frequently moving your princess between different castles [11].
Credit
------
The vulnerability was originally discovered by Mario and Luigi, of Mario
Bros. Security Research.
The provided patch and this advisory were prepared by Lakitu Cloud
Security, Inc. The hot patch was developed in collaboration with
Ksplice, Inc. [12]
Product Overview
----------------
Bowser's Castle is King Bowser's home and the base of operations
for the Koopa Troop. Bowser's Castle is the final defense against
assaults by Mario to kidnap Princess Peach, and is guarded by
Bowser's most powerful minions. [13]
References
----------
[1] http://tasvideos.org/1715M.html
[2] http://en.wikipedia.org/wiki/Super_Mario_Bros.
[3] http://en.wikipedia.org/wiki/Super_Mario_Bros.:_The_Lost_Levels
[4] http://blog.ksplice.com/wp-content/uploads/2011/04/smb-1985-0001.patch
[5] http://blog.ksplice.com/wp-content/uploads/2011/04/patch-smb-1985-0001.sh
[6] http://www.mariowiki.com/Goomba
[7] http://www.mariowiki.com/Koopa_Troopa
[8] http://www.mariowiki.com/Bullet_Bill
[9] http://www.mariowiki.com/Firebar
[10] http://tvtropes.org/pmwiki/pmwiki.php/Main/YourPrincessIsInAnotherCastle
[11] http://www.mariowiki.com/Poison_Mushrooms
[12] http://www.ksplice.com/
[13] http://www.mariowiki.com/Bowser%27s_Castle
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists