/* begin forwarded message --
Advisory: Buffer Overflow in Instant Lunch
Author: optiklenz
legions.org/~optik
Contact: [EMAIL PROTECTED]
[EMAIL PROTECTED]
"At two minutes and thirty seconds the darn thing overflows"
Overview: "As a [hot] snack or delicious meal-anytime"
I came home and was hungry, and had to get to work
right away so I popped an Instant Lunch in the microwave.
The end results will shock you!
The cover of Maruchan's Instant Lunch says ready in 3 minutes.
That is definitely not the case. Upon completing
extensive research I found that during the second minute Instant
Lunch is susceptible to a buffer overflow. The directions on the
back are as follows:
1. Fold back lid half way. Fill to inside line with "boiling" water.
2. Close lid "securely" and let stand 3 minutes.
3. Remove lid, stir and enjoy from cup.
There is absolutely no truth in the above process, and I have written
Maruchan himself, and have asked him to re-write the instructions on
how to prepare the noodles. My remarks on their directions below:
1. If the water's already boiled why would they put the Instant Lunch
in the microwave?! HUH? HUH? This is clearly an error on your
part.
2. During my research I found that even placing a metal object on top
of my Instant Lunch didn't keep the water from overflowing once it
hits the two and a half minute mark. It did however start shooting
sparks off everywhere. I will have to investigate this some more.
3. "enjoy" Yes enjoy a nice mess... (assholes).. I'm sorry
I didn't mean to call you assholes it's just sometimes I get
emotional over certain topics.
Remotely Overflowing the Water:
My microwave has a USB port so I was able to create an application
that would control the microwave from a computer in my room.
Example:
[darkone] ps -aux
microwave 3 0.0 0.5 1692 948 pts/3 S 19:23 0:00 -
instant_lunchd
[darkone] ./instant_lunch microwave offset 31337 Total_Fat 12g
\x8d\x5e\x17 0:3/0;
8/FF; F/'b1100X1X0;.../micro/
Water overflowed....
This seems to affect Cup O Noodles too, but I'll have to do more testing.
The versions of Instant Lunch I've tested thus far are
Roast Beef Flavor
Chicken Vegetable Flavor
Creme of Chicken Flavor
California Flavor
Solution:
There is currently no patch or fix for this overflow.
There is however a fix for remote attacks. Simply comment out
microwave services in inetd.conf.
----------------------------------------------------
optiklenz was Interviewed by Bob Mathers of the
Daily Food.
------------------------------------------------------
<Bob> So what do you say to the vendors
that make these seemingly wholesome food
products?
<optiklenz> Well Bob I say that had they done proper
testing we'd have much more happy noodle eaters.
<Bob> Is this a high risk?
<optiklenz> You're damn skippy Bob. I mean innocent
people are being hurt by the hot water
that spews from these poor excuses of
a lunch time meal. It's also painful
to see people traumatized by the lack
of flavor that is expected in every bite
due to some of it escaping with the overflow.
<Bob> How big is the problem?
<optiklenz> As far as I know this is an international
incident. I did a study and apparently
90% of these food products are vulnerable
to this overflow. People everywhere eat
Instant Lunch... China, Iraq, Yugoslavia
<Bob> People like you should be rewarded for your
research yet you do this for free am I correct?
<optiklenz> It's all a part of making this world a safer
place Bob. I mean if I don't let people know
about these serious issues someone can maliciously
buffer overflow someone's food. Their only source of
nutrition. People are dying Bob!
<Bob> Well there you have it folks.. optiklenz.. A hacker a hero.
A modern day saint. That's all we have for tonight. Tune in
next time when we'll bring you an inside look at how cows are
slaughtered with a special guest appearance from the cDc.
OPTIK FOR PRESIDENT IN 2000
-- end forwarded text */
Note: this is still unconfirmed, however if you're allowing outside access
to your microwave through your firewall, don't say you haven't been
advised. For instance, in the interim, until a vendor patch arrives, all
our appliances have been taken offline and audited, except the dishwasher,
which has the bo2k plugin installed.
spiff