Pages: [1]
|
|
|
Author
|
Topic: Melnorme Security Advisory: Buffer Overflow in Rem (Read 4554 times)
|
0xDEC0DE
*Many bubbles*
Offline
Posts: 175
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Melnorme Security Advisory: Buffer Overflow in Remote Self-Replicating Robot Explorer Probes
Revision 1.0
For Public Release 2154 February 19 at 13:00 UTC
- - ---------------------------------------------------------------------------
Contents
Summary Affected Products Details Impact Software Versions and Fixes Obtaining Fixed Software Workarounds Exploitation and Public Announcements Status of This Notice Revision History
- - ---------------------------------------------------------------------------
Summary =======
A buffer overflow in the priority settings of the Remote Self-Replicating Robot Explorer Probes can be exploited locally to gain administrative privileges on the client system. The vulnerability can be mitigated by advising customers to not adjust the priorities from their vendor-provided settings. 2420-series probes are not affected.
The vulnerability has been repaired in version C. The Melnorme are making fixed software available for a small fee to affected customers. This issue is documented as MSSdx39290. The Melnorme are not aware of any public discussion or active exploitation of this vulnerability.
Affected Products =================
This vulnerability affects models 2419 and earlier of the Remote Self-Replicating Robot Explorer Probes
It does not affect the 2420-series Self-Replicating Robot Explorer Probes No other Melnorme product is affected.
Details =======
The Remote Self-Replicating Robot Explorer Probes have various tasks that they can perform when exploring and analyzing data. Priorities can be set on behaviours to alter the types of data collected, allowing for unprecedented flexibility in a hostile universe.
If an overly-large priority is given to a task, a buffer overflow occurs that overwrites all other priorities on the stack, causing the probe's behaviour to become erratic. The contents of the overly-large priority could be crafted to execute arbitrary instructions. The buffer overflow can only be exercised by adjusting the priorities directly on the local system.
In lieu of installing fixed software, the vulnerability can be mitigated by advising customers to not adjust the priorities from their vendor-provided settings. This cannot prevent the buffer overflow from occurring, but limits the simple range of damage that could occur.
The problem has been resolved by adding better tests for buffer overflows and by removing unnecessary tasks from the run queue in the software package as provided.
This vulnerability is documented as MSSdx39290.
Impact ======
The vulnerability could be exploited by a local user to execute arbitrary instructions. If the affected probe is released with elevated priorites, the instructions will execute with administrative permissions and could be used to modify any part of the system without authorization. The priorities are set by default in the software package as supplied by the Melnorme.
Software Versions and Fixes ===========================
This vulnerability was found and reported in the Remote Self-Replicating Robot Explorer Probes 2419, and has been confirmed internally in the 2418 models. It has been repaired in version C for those affected platforms and is available immediately. All previous versions on the affected platforms are considered vulnerable. The fixes will be carried forward into all future versions.
Obtaining Fixed Software ========================
The Melnorme are making fixed software available for a small fee to all affected customers.
Customers with contracts should obtain upgraded software through their regular update channels. For most customers, this means that upgrades should be obtained through the Software Center on the Melnorme's galactic website at http://www.star-control.com/.
Customers whose Melnorme products are provided or maintained through prior or existing agreement with third-party support organizations such as the Crimson Coporation, authorized resellers, or service providers should contact that support organization for assistance with the upgrade, which may be free of charge.
Workarounds ===========
The vulnerability can be mitigated by instructing customers to leave the default priorities in place, or perhaps not mentioning that the settings can be changed at all.
Note: The workaround shown above does not prevent the buffer overflow from occurring. It merely limits the range of the simple damage that can occur if the overflow is exploited. Traders are urged to upgrade to fixed versions of the probes as soon as possible.
Exploitation and Public Announcements =====================================
The Melnorme Security Services are not aware of any malicious exploitation nor public discussion of this vulnerability.
This issue was reported directly to the Melnorme by Taupe and Sepia of Melnorme Security Services.
Status of This Notice: FINAL ============================
This is a final notice. Although the Melnorme cannot guarantee the accuracy of all statements in this notice, all of the facts have been checked to the best of our ability. The Melnorme do not anticipate issuing updated versions of this notice unless there is some material change in the facts. Should there be a significant change in the facts, the Melnorme may update this notice.
Revision History ================
+---------------------------------------------------------------------+ |Revision 1.0 |2154/02/19 |Initial public release. | +---------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFAnx2loCl+QpiavF8RAm4gAJ43MYPVj9ozH2qaQOKqiTZdKxa/lQCcCbfA 0EyU/XY4vls+PbvbUndxgJ4= =WGDS -----END PGP SIGNATURE-----
|
|
|
Logged
|
"I’m not a robot like you. I don’t like having disks crammed into me… unless they’re Oreos, and then only in the mouth." --Fry
|
|
|
|
Culture20
Enlightened
Offline
Posts: 917
Thraddash Flower Child
|
When are the Melnorme going to make a general service pack for these security flaws? I'm tired of applying multiple patches to new probes. And sending the probes out into hyperspace for the Melnorme to auto-update doesn't help either, because once they're in hyperspace, they start replicating.
|
|
|
Logged
|
|
|
|
|
|
Art
Guest
|
Hee. What's telling about this whole thing is that the Melnorme *are* aware of what's going on with the Slylandro but choose not to intervene directly. Instead they *sell* the *humans* the information they need to warn the Slylandro.
Admittedly the problem isn't that huge since the probes have got that fail-safe self-destruct. Still, you'd think the Melnorme hire tech support people to crawl the galactic nets and advise customers of these issues, as part of the warranty...
(Imagine Microsoft withholding customer information from the FBI and charging millions of dollars before they'll tell them what they know about where the myDoom virus is coming from. It'd be a hoot.)
|
|
|
Logged
|
|
|
|
zixyer
Zebranky food
Offline
Posts: 22
I love YaBB 1G - SP1!
|
When you think about it, this puts the Melnorme on a Druuge-like level -- I mean, the probes are actually killing people, the Melnorme know how to stop them, but don't because it wouldn't be profitable.
|
|
|
Logged
|
|
|
|
Art
Guest
|
Well... there is an argument to be made that even in the case of the probes they didn't do anything directly to cause the disaster, just gave the power to other people... and who would predict that the Slylandro would try to set the slider to 999?
The ethics are indeed murky, but the Melnorme have a point -- if you're gonna be a trader at all there's some point at which you give over responsibility for the stuff you sell to the people you sell it to. I presume the self-destruct code was uniquely programmable by the user, and they didn't have a policy of keeping a company fail-safe because no one would buy it if they did because of security fears (witness the problems Microsoft has controlling Windows exploit viruses because the Fourth Amendment keeps them from force-pushing patches on people, even though they try to get as close to it as they can). And... well... who knows, maybe their resources are incredibly limited and it's more efficient for you to warn the Slylandro than them...
|
|
|
Logged
|
|
|
|
Bobucles
Guest
|
Well, you forget that in 4 years, the meta-chondron predits the eradication of all life in this sector of the galaxy. It would be a waste of resources to stop a little threat like the probes, when a greater threat like the Khor-Ah are still around. At the very least, the probes could hinder the Khor-Ah assault, at least a little bit.
The melnorme made the probe- it they meet any probes, they can cause the self-destruct sequence. Also, they seem to have set up camp in every huge star system. What if that is where most of the matter is? They could be defending potential probe hives from them.
Or... the Melnorme could be defending the supergiant star systems from the Mycon.
Or... the Melnorme have tons of antimatter at their disposal. Tons and tons and tons and tons. If the **** really hit the fan, they could throw all that antimatter into all those supergiant stars.... and eradicate all life in the Galaxy. The combined radiation from the super-super novas could have the potential to do that. Heck, that kind of energy could collapse all of hyperspace. Yes, it'd be bad for business, and they may destroy the rainbow worlds as well, but it's better than letting the Khor-Ah spread out everywhere.
But I guess this would be another topic to discuss.
|
|
|
Logged
|
|
|
|
Pages: [1]
|
|
|
|
|