Super Mario Brothers 2 is not vulnerable to this exploit, as it does not ship with a Bowser.
It is possible to use the Plumber to inject Wart, but only during sleep(3). On Fri, Apr 1, 2011 at 6:59 AM, Nelson Elhage <[email protected]> wrote: > Advisory Name: Plumber Injection Attack in Bowser's Castle > Release Date: 2011-04-01 > Application: Bowser's Castle > Versions: Super Mario Bros., Super Mario Bros.: The Lost Levels > Identifier: SMB-1985-0001 > Advisory: http://blog.ksplice.com/2011/04/smb-1985-0001-advisory/ > > ----------------------------------------------------------------------- > > Vulnerability Overview > ---------------------- > > Multiple versions of Bowser's Castle are vulnerable to a plumber injection > attack. An Italian plumber could exploit this bug to bypass security > measures > (walk through walls) in order to rescue Peach, to defeat Bowser, or for > unspecified other impact. > > Exploit > ------- > > http://www.youtube.com/watch?v=rGshxZ1dYjA > > This vulnerability is demonstrated by > "happylee-supermariobros,warped.fm2" [1]. Attacks using this > exploit have been observed in the wild, and multiple other exploits > are publicly available. > > Affected Versions > ----------------- > > Versions of Bowser's Castle as shipped in Super Mario Bros. [2] and Super > Mario Bros.: The Lost Levels [3] are affected. > > Solution > -------- > > http://www.youtube.com/watch?v=nacFU7ozeZA > > An independently developed patch [4] is available. > > A binary hot patch [5] to apply the update to an existing version is also > available. > > All users are advised to upgrade. > > Mitigations > ----------- > > For users unable to apply the recommended fix, a number of > mitigations are possible to reduce the impact of the vulnerability. > > NOTE THAT NO MITIGATION IS BELIEVED TO BE COMPLETELY EFFECTIVE. > > Potential mitigations include: > > - Employing standard defense-in-depth strategies incorporating > multiple layers of defense, including Goombas [6], Koopa Troopas [7], > Bullet Bills [8], and others. > - Installing poison mushrooms outside your castle [9]. > - Installing a firewall to limit access to affected systems. [10] > - Frequently moving your princess between different castles [11]. > > Credit > ------ > > The vulnerability was originally discovered by Mario and Luigi, of Mario > Bros. Security Research. > > The provided patch and this advisory were prepared by Lakitu Cloud > Security, Inc. The hot patch was developed in collaboration with > Ksplice, Inc. [12] > > Product Overview > ---------------- > > Bowser's Castle is King Bowser's home and the base of operations > for the Koopa Troop. Bowser's Castle is the final defense against > assaults by Mario to kidnap Princess Peach, and is guarded by > Bowser's most powerful minions. [13] > > References > ---------- > > [1] http://tasvideos.org/1715M.html > [2] http://en.wikipedia.org/wiki/Super_Mario_Bros. > [3] http://en.wikipedia.org/wiki/Super_Mario_Bros.:_The_Lost_Levels > [4] > http://blog.ksplice.com/wp-content/uploads/2011/04/smb-1985-0001.patch > [5] > http://blog.ksplice.com/wp-content/uploads/2011/04/patch-smb-1985-0001.sh > [6] http://www.mariowiki.com/Goomba > [7] http://www.mariowiki.com/Koopa_Troopa > [8] http://www.mariowiki.com/Bullet_Bill > [9] http://www.mariowiki.com/Firebar > [10] > http://tvtropes.org/pmwiki/pmwiki.php/Main/YourPrincessIsInAnotherCastle > [11] http://www.mariowiki.com/Poison_Mushrooms > [12] http://www.ksplice.com/ > [13] http://www.mariowiki.com/Bowser%27s_Castle > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
