| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 07 Apr 2012 16:22:13 +0200
From: klondike <klondike@...cosoft.es>
To: full-disclosure@...ts.grok.org.uk
Subject: FSA2012-1 and FSA2012-2: Chocolate easter egss
vulnerable to egg white injection and usable as trojan horses.
Given to their nature chocolate easter eggs present a few
vulnerabilities that can be exploited by a malicious attacker to gain
complete control of a person's hate.
FSA2012-1:
1. Summary
Impact: high
Exploitability: local
Synopsis: Through some special unintended actions and attacker can cause
an egg white injection into chocolate easter egss altering the nature of
the system.
2. Impact
Backgorund:
Chocolate easter eggs are a treat liked by both children and adults
during and eaten most frequently during easter.
Description:
Using a syringe with an hypodermical needle a local attacker can cause
an egg white injection into the egg inside. This can also be combined
with FSA2012-2 in order to creat trojanized chocolate eggs with a crude
egg payload.
Impact:
Injected eggs can be used to affect through social engineering
techniques to standard chocolate eggs eaters causing them to redirect
all their rage towards you. In critical cases like allergies the
individual may end up dying.
3. Workarounds:
There is currently no known workaround to the issue since it is inherent
to the easter chocolate eggs design.
FSA2012-1:
1. Summary
Impact: high
Exploitability: local
Synopsis: Through some special unintended actions and attacker can craft
trojanized chocolate easter egss whose contents won't be realized by the
attacker until it has happened.
2. Impact
Backgorund:
Chocolate easter eggs are a treat liked by both children and adults
during and eaten most frequently during easter.
Description:
It is possible to craft eggs containing the desired solid objects or
half of its contents filled with other products in not solid state. This
is done by joining both moulded egg halves together with the contents on
one of them, or coating the object in chocolate if it is eggshaped.
Impact:
Trojanized eggs can be used to affect through social engineering
techniques to standard chocolate eggs eaters causing them to redirect
all their rage towards you. In critical cases like allergies the
individual may end up dying. There have been cases where shelled hard
boiled eggs where coated in crocant chocolate in order to send the
affected user to the hospital.
3. Workarounds:
There is currently no known workaround to the issue since it is inherent
to the easter chocolate eggs design.
Thanks:
ss23
Vinky
Download attachment "signature.asc" of type "application/pgp-signature" (263 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists