-----BEGIN PGP SIGNED MESSAGE-----

============================================================================
CERT* Advisory: CA-98.08.DJYG-Party
Original issue date: July 08, 1998

Topic: Party Vulnerability
----------------------------------------------------------------------------

The CERT Coordination Center has received reports of a potential security
vulnerability in 101 High Mount, Station Road, Hendon, that will allow a
determined intruder to gain root access between 1600 hours and 2200 hours
on Sunday the 19th of July.

As we receive additional information relating to this advisory, we will
place it at:

    http://www.caliginous.com/party/
    http://www.yoz.com/party/

----------------------------------------------------------------------------

I. Description

   101 High Mount contains a vulnerability which can be exploited by users
   running with guest access to compromise front-door security. An example
   command line exploit is presented below:

       $ /usr/bin/doorbell
       $ echo "Oi, let us in, you bastards!" > /dev/speaker
       $ cd ~yoz&dan/

   Remote access to 101 High Mount (off Station Road, NW4) can be gained
   using the following transport protocols:

   A. Northern Line to Hendon Central, then 5 min. walk up Vivian Avenue
      and down Station Road

   B. BR to Hendon, then 2 min. walk up Station Road

   C. Car/Bike up Edgware Road or Hendon Way

   D. Tectonic shift (inadvisable due to excessive latency)

   Remote audio data can also be sent/received by routing packets through
   0181.202.8799.

II. Impact

   Unauthorised, non-privileged users can cause utter mayhem or even a
   slightly good time. Denial of service attacks on participating
   braincells can be effected by bombardment of alcohol and bass.

III. Solution

   Though not much technical information has been forthcoming, CERT
   suggests the following as possible workarounds:

   A. Restart the "turntables" process after replacing the file
      /etc/dj/small-squeaky-perl-hacker with goateed-grungy-Levellers-fan.

   B. Install the "cherry-brandy" package from the distribution tape.

   C. Remove all entries for 19/07/98 from Yoz and Dan's PalmPilots, thus
      preventing the security hole from opening.

   D. Send a warning mail to porter@highmount.nw4 complaining of the noise
      (even if before 11pm decibel cut-off).

   E. Disable ActiveX controls in Microsoft Internet Explorer. Nothing to
      do with the party, they're just shit.

   CERT advises all administrators of potentially vulnerable systems to
   seek appropriate patches from their vendors, or even better, large cans
   from alcohol vendors.

----------------------------------------------------------------------------

The CERT Coordination Center thanks Daniel Jacobs and Yoram Grahame for
providing information for this advisory.

----------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT
Coordination Center or your representative in the Forum of Incident
Response and Security Teams (see http://www.first.org/team-info/).

CERT/CC Contact Information
----------------------------
Email    cert@cert.org

Phone    +1 412-268-7090 (24-hour hotline)
         CERT personnel answer 8:30-5:00 p.m. EST(GMT-5) / EDT(GMT-4)
         and are on call for emergencies during other hours.

Fax      +1 412-268-6989

Postal address
         CERT Coordination Center
         Software Engineering Institute
         Carnegie Mellon University
         Pittsburgh PA 15213-3890
         USA

Using encryption
   We strongly urge you to encrypt sensitive information sent by email. We
   can support a shared DES key or PGP. Contact the CERT/CC for more
   information.

   Location of CERT PGP key
         ftp://ftp.cert.org/pub/CERT_PGP.key

Getting security information
   CERT publications and other security information are available from
         http://www.cert.org/
         ftp://ftp.cert.org/pub/

   CERT advisories and bulletins are also posted on the USENET newsgroup
         comp.security.announce

   To be added to our mailing list for advisories and bulletins, send
   email to
         cert-advisory-request@cert.org
   In the subject line, type
         SUBSCRIBE your-email-address

--------------------------------------------------------------------------

Copyright 1998 Carnegie Mellon University. Conditions for use, disclaimers,
and sponsorship information can be found in
http://www.cert.org/legal_stuff.html and ftp://ftp.cert.org/pub/legal_stuff .
If you do not have FTP or web access, send mail to cert@cert.org with
"copyright" in the subject line.

*CERT is registered in the U.S. Patent and Trademark Office.

--------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNX2Wy3VP+x0t4w7BAQEfzQP+L5Ffb8F0WytM7jpLxbTD3Ft0Yrvv/ZUv
ekltUlT26Q0u2k7llZfXKTiQ0AFFpYULMUl17XFtT2CjBaWvMpttWCBVy2oWdVOZ
xQAJYAMLZdB2jNmIcHAl+poRtIIIO/iSaCuNtzBOAbq3debzBOAbq3aJsbA/2zk9
6OUCIItvraM=
=c/k6
-----END PGP SIGNATURE-----