Why would you realease something like this without telling the vendor? What you did is irresponsible.
On Tue, Apr 1, 2008 at 12:18 AM, Nate McFeters <[EMAIL PROTECTED]> wrote: > Hahaha, nice find. > > On 4/1/08, I)ruid <[EMAIL PROTECTED]> wrote: > > > > ____ ____ __ __ > > / \ / \ | | | | > > ----====####/ /\__\##/ /\ \##| |##| |####====---- > > | | | |__| | | | | | > > | | ___ | __ | | | | | > > ------======######\ \/ /#| |##| |#| |##| |######======------ > > \____/ |__| |__| \______/ > > > > > > Computer Academic Underground > > http://www.caughq.org > > Security Advisory > > > > ===============/======================================================== > > Advisory ID: CAU-2008-0001 > > Release Date: 04/01/2008 > > Title: Slowly Closing Door Race Condition > > Application/OS: Physical Structures > > Topic: Physical structures employing exit doors with locks > > are vulnerable to a race condition. > > Vendor Status: Not Notified > > Attributes: Physical, Race Condition > > Advisory URL: http://www.caughq.org/advisories/CAU-2008-0001.txt > > Author/Email: CAU <advisories (at) caughq.org> > > ===============/======================================================== > > > > Overview > > ======== > > > > Physical structures which employ automatically locking doors to secure > > exit points expose a race condition which may allow unauthorized entry. > > > > > > Impact > > ====== > > > > Malicious outsiders may be able to enter a structure via an exit point. > > > > Exit points may additionally provide an exit from a secure area of the > > structure, allowing an outsider entering through the exit point to gain > > direct access to the secure area. > > > > > > Affected Systems > > ================ > > > > Physical structures which employ automatically locking doors at exit > > points of the structure. > > > > > > Technical Explanation > > ===================== > > > > An exit's lock[1] generally converts a two-way door into a one-way > > door, allowing a person to traverse the door's threshold in one > > direction but not in the other. These types of locks are used to > > secure exit points of structures so that people may exit via the door > > but not re-enter without disabling the lock through force or > > authentication. > > > > When a person exits the structure through an exit point which is > > secured by such a mechanism, a race condition exists wherein a > > malicious outsider may be able to reach the door and enter through it > > before it closes and locks itself. > > > > Many doors, especially heavier ones, also employ closing mechanisms[2] > > which are designed to cause the door to close slowly so as not to slam > > the door shut and damage the door frame, or damage any human appendage > > which may be in between the door and it's frame. Such closing > > mechanisms can greatly increase the amount of time that the race > > condition exists. > > > > > > Solution & Recommendations > > ========================== > > > > 1) Always ensure that personnel exiting an exit door wait outside the > > door until it has completely closed and locked before walking > > away. > > > > 2) Employ a double door system such as is used in an air-lock where > > the interior door must be secured prior to the exterior door being > > allowed to open. > > > > > > Exploitation > > ============ > > > > First identify the exit point that you want to exploit. Stand at a > > safe distance during a high-traffic time and watch for people to use > > the exit point. Time how long it takes for the door to close and > > lock itself when someone traverses the exit point. > > > > Next, identify a safe hiding place near the exit point, preferably > > in a direction that would be behind a person exiting the door, but > > which is within a distance to the exit point which you could traverse > > in under the door's closing time at a brisk pace or run. > > > > Finally, hide in this location during a lower traffic time and wait > > for someone to utilize the exit point. After they have exited the > > door and are walking away, run to the door and enter before it has > > closed and locked. Extra points are awarded for a spectacular dive > > and/or roll to catch the door at the very last second. > > > > > > References > > ========== > > > > [1] http://en.wikipedia.org/wiki/Lock_%28device%29 > > [2] http://en.wikipedia.org/wiki/Door_closer > > > > > > Credits & Gr33ts > > ================ > > > > Theodor Geisel, AHA!, NMRC, Uninformed Journal, dc214 > > > > > > -- > > I)ruid, CĀ²ISSP > > [EMAIL PROTECTED] > > http://druid.caughq.org > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- -- h0 h0 h0 -- www.nopsled.net
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
