Message-ID: <4F804D95.6030509@xiscosoft.es>
Date: Sat, 07 Apr 2012 16:22:13 +0200
From: klondike <klondike@...cosoft.es>
To: full-disclosure@...ts.grok.org.uk
Subject: FSA2012-1 and FSA2012-2: Chocolate easter eggs
 vulnerable to egg white injection and usable as trojan horses.

Given their nature, chocolate easter eggs present a few
vulnerabilities that can be exploited by a malicious attacker to gain
complete control of a person's hate.

FSA2012-1:
1. Summary
Impact: high
Exploitability: local
Synopsis: Through some special unintended actions an attacker can cause
an egg white injection into chocolate easter eggs, altering the nature of
the system.

2. Impact
Background:
Chocolate easter eggs are a treat liked by both children and adults
and eaten most frequently during Easter.

Description:
Using a syringe with a hypodermic needle a local attacker can cause
an egg white injection into the egg inside. This can also be combined
with FSA2012-2 in order to create trojanized chocolate eggs with a crude
egg payload.

Impact:
Injected eggs can be used, through social engineering techniques, to
affect standard chocolate egg eaters, causing them to redirect
all their rage towards you. In critical cases like allergies the
individual may end up dying.

3. Workarounds:
There is currently no known workaround to the issue since it is inherent
to the easter chocolate eggs design.

FSA2012-1:
1. Summary
Impact: high
Exploitability: local
Synopsis: Through some special unintended actions an attacker can craft
trojanized chocolate easter eggs whose contents won't be realized by the
attacker until it has happened.

2. Impact
Background:
Chocolate easter eggs are a treat liked by both children and adults
and eaten most frequently during Easter.

Description:
It is possible to craft eggs containing the desired solid objects or
with half of their contents filled with other products in a non-solid
state. This is done by joining both moulded egg halves together with the
contents on one of them, or coating the object in chocolate if it is
egg-shaped.

Impact:
Trojanized eggs can be used, through social engineering techniques, to
affect standard chocolate egg eaters, causing them to redirect
all their rage towards you. In critical cases like allergies the
individual may end up dying. There have been cases where shelled hard
boiled eggs were coated in crocant chocolate in order to send the
affected user to the hospital.

3. Workarounds:
There is currently no known workaround to the issue since it is inherent
to the easter chocolate eggs design.

Thanks:
ss23
Vinky



