lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2d792fb20804010722g686e6b7aq8b9ea4b25cac91c4@mail.gmail.com>
Date: Tue, 1 Apr 2008 18:22:55 +0400
From: "Razi Shaban" <razishaban@...il.com>
To: evilrabbi <evilrabbi@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: CAU-2008-0001 - Slowly Closing Door Race
	Condition

April Fools!

--
Razi

On 4/1/08, evilrabbi <evilrabbi@...il.com> wrote:
> Why would you realease something like this without telling the vendor? What
> you did is irresponsible.
>
>
>
> On Tue, Apr 1, 2008 at 12:18 AM, Nate McFeters <nate.mcfeters@...il.com>
> wrote:
>
> > Hahaha, nice find.
> >
> >
> > On 4/1/08, I)ruid <druid@...ghq.org> wrote:
> > >                      ____      ____     __    __
> > >                     /    \    /    \   |  |  |  |
> > >        ----====####/  /\__\##/  /\  \##|  |##|
> |####====----
> > >                   |  |      |  |__|  | |  |  |  |
> > >                   |  |  ___ |   __   | |  |  |  |
> > > ------======######\  \/  /#|  |##|  |#|  |##|
> |######======------
> > >                     \____/  |__|  |__|  \______/
> > >
> > >
> > >
> > >
> > >                    Computer Academic Underground
> > >                        http://www.caughq.org
> > >                          Security Advisory
> > >
> > >
> ===============/========================================================
> > > Advisory ID:    CAU-2008-0001
> > > Release Date:   04/01/2008
> > > Title:          Slowly Closing Door Race Condition
> > > Application/OS: Physical Structures
> > > Topic:          Physical structures employing exit doors with locks
> > >                are vulnerable to a race condition.
> > > Vendor Status:  Not Notified
> > > Attributes:     Physical, Race Condition
> > > Advisory URL:
> http://www.caughq.org/advisories/CAU-2008-0001.txt
> > > Author/Email:   CAU <advisories (at) caughq.org>
> > >
> ===============/========================================================
> > >
> > > Overview
> > > ========
> > >
> > > Physical structures which employ automatically locking doors to secure
> > > exit points expose a race condition which may allow unauthorized entry.
> > >
> > >
> > > Impact
> > > ======
> > >
> > > Malicious outsiders may be able to enter a structure via an exit point.
> > >
> > > Exit points may additionally provide an exit from a secure area of the
> > > structure, allowing an outsider entering through the exit point to gain
> > > direct access to the secure area.
> > >
> > >
> > > Affected Systems
> > > ================
> > >
> > > Physical structures which employ automatically locking doors at exit
> > > points of the structure.
> > >
> > >
> > > Technical Explanation
> > > =====================
> > >
> > > An exit's lock[1] generally converts a two-way door into a one-way
> > > door, allowing a person to traverse the door's threshold in one
> > > direction but not in the other.  These types of locks are used to
> > > secure exit points of structures so that people may exit via the door
> > > but not re-enter without disabling the lock through force or
> > > authentication.
> > >
> > > When a person exits the structure through an exit point which is
> > > secured by such a mechanism, a race condition exists wherein a
> > > malicious outsider may be able to reach the door and enter through it
> > > before it closes and locks itself.
> > >
> > > Many doors, especially heavier ones, also employ closing mechanisms[2]
> > > which are designed to cause the door to close slowly so as not to slam
> > > the door shut and damage the door frame, or damage any human appendage
> > > which may be in between the door and it's frame.  Such closing
> > > mechanisms can greatly increase the amount of time that the race
> > > condition exists.
> > >
> > >
> > > Solution & Recommendations
> > > ==========================
> > >
> > > 1) Always ensure that personnel exiting an exit door wait outside the
> > >   door until it has completely closed and locked before walking
> > >   away.
> > >
> > > 2) Employ a double door system such as is used in an air-lock where
> > >   the interior door must be secured prior to the exterior door being
> > >   allowed to open.
> > >
> > >
> > > Exploitation
> > > ============
> > >
> > > First identify the exit point that you want to exploit.  Stand at a
> > > safe distance during a high-traffic time and watch for people to use
> > > the exit point.  Time how long it takes for the door to close and
> > > lock itself when someone traverses the exit point.
> > >
> > > Next, identify a safe hiding place near the exit point, preferably
> > > in a direction that would be behind a person exiting the door, but
> > > which is within a distance to the exit point which you could traverse
> > > in under the door's closing time at a brisk pace or run.
> > >
> > > Finally, hide in this location during a lower traffic time and wait
> > > for someone to utilize the exit point.  After they have exited the
> > > door and are walking away, run to the door and enter before it has
> > > closed and locked.  Extra points are awarded for a spectacular dive
> > > and/or roll to catch the door at the very last second.
> > >
> > >
> > > References
> > > ==========
> > >
> > > [1] http://en.wikipedia.org/wiki/Lock_%28device%29
> > > [2] http://en.wikipedia.org/wiki/Door_closer
> > >
> > >
> > > Credits & Gr33ts
> > > ================
> > >
> > > Theodor Geisel, AHA!, NMRC, Uninformed Journal, dc214
> > >
> > >
> > > --
> > > I)ruid, CĀ²ISSP
> > > druid@...ghq.org
> > > http://druid.caughq.org
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > >
> > >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>
> --
> -- h0 h0 h0 --
> www.nopsled.net
> _______________________________________________
>  Full-Disclosure - We believe in it.
>  Charter:
> http://lists.grok.org.uk/full-disclosure-charter.html
>  Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ