CERT Parody....AIBO vulnerability

Post by Fuzzy Log » Fri, 14 Jul 2000 04:00:00



To:BugTraq
Subject:CERT Advisory CA-2000-69
Date:Mon Jul 10 2000 04:00:16
Author:Jamie Rishaw

CERT Advisory CA-2000-69 AIBO Authentication Algorithm Corruption Vulnerability

   Original Release Date: July 10, 2000
   Last Revised: --
   Source: CERT/CC

   A complete revision history is at the end of this file.

Systems affected

   * AIBO ERS-110 Aperios OS
   * AIBO ERS-111 Aperios OS

Overview

   A vulnerability involving the Visual authentication algorithm has recently
been identified in the Sony, Inc. "AIBO" Entertainment Robot.  Owners of AIBO
Robots are encouraged to upgrade their Aperios DogOS as soon as possible.

   The AttackBite() control has a serious vulnerability that allows remote
intruders within earshot of AIBO to execute arbitrary code.  Scripts are
proliferating the Internet with new routines such as PeeOnRug(), ShoeChew(),
KillTheCat() and AttackOwners*s().  The latter, classified by CERT as
a "Denial of Service" attack, is most vicious, and for this reason CERT
encourages immediate patch implementation.  Some common circumstances under
which this vulnerability can be exploited are addressed by the Sony patch;
others are not.

I. Description

   There are at least three distinct vulnerabilities in the ERS-110 and
ERS-111 implementation of the Aperios software.  All of these vulnerabilities
may be exploited to effect Quicker-Picker-Upper and Owner Discomfort attacks
with varying degrees of severity.  Owners are advised, until patch completion,
to guard themselves, and to have extra paper towels on hand.

   - The AIBO Sound Controller, when configured to play Britney Spears'
"Oops, I Did It Again," will cause AIBO to lift a hind leg and spontaneously
leak battery juice on the floor, simulating a urination (female ERS-110
models "squat" during this exploit).

   - The buffer used to hold the variable MyOwner in the function
process_face() can be overflowed, reverting AIBO into experimental
AiboPitBull code.  When combined with the Sound Controller's Performance
Mode signal, unpatched AIBO units can receive arbitrary code, and multiple
reports of owner emasculation have been reported.

   - (Unverified) Owners who accidentally have left their television on late
at night have reported incidents of AIBO attacking their small children
and pets within minutes of the airing of "Tom Vu's Real Estate Seminar,"
The Story of A Vietnamese Immigrant's rags-to-riches Infomercial.

   - Two reports have been submitted where a race condition involving
Tom Vu's Real Estate Seminar and presence of Richard Simmons' "Farewell
to Fat" have caused AIBO units to "die".  We are still investigating this.

II. Impact

   Depending on the version of AIBO, the environment in which it is running,
and the particular vulnerability that is exploited, a remote attacker can
cause one or more of the following:

   - The AIBO to attack its owner,
   - The AIBO to wake, walk off its base station and attack children/pets,
   - The AIBO to generate *-Body-Fluid and/or Excretion, and/or
   - The AIBO to die.

III. Solution

   Upgrade your version of AIBO Aperios DogOS

  If you are running vulnerable Aperios and cannot upgrade, you are
strongly advised to remove the battery from AIBO's behind and contact
Sony for more assistance.

Appendix A. Vendor Information

Sony, Inc.

  Please see

  http://www.veryComputer.com/

Richard Simmons

  Please see

  http://www.veryComputer.com/

   _________________________________________________________________

   The CERT Coordination Center thanks your Mom and Eva Peron for their
   help in developing this advisory.
   _________________________________________________________________


   _________________________________________________________________

   This document is available from:
        http://www.veryComputer.com/
   _________________________________________________________________

   (This is a spoof, if you haven't gotten it by now)
   _________________________________________________________________

CERT/CC Contact Information


          Phone: +1 412-268-7090 (24-hour hotline)
          Fax: +1 412-268-6989
          Postal address:
          CERT Coordination Center
          Software Engineering Institute
          Carnegie Mellon University
          Pittsburgh PA 15213-3890
          U.S.A.

   CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)
   Monday through Friday; they are on call for emergencies during other
   hours, on U.S. holidays, and on weekends.

Using encryption

   We strongly urge you to encrypt sensitive information sent by email.
   Our public PGP key is available from

   http://www.veryComputer.com/

   If you prefer to use DES, please call the CERT hotline for more
   information.

Getting security information

   CERT publications and other security information are available from
   our web site

   http://www.veryComputer.com/

   To be added to our mailing list for advisories and bulletins, send

   your-email-address in the subject of your message.

   * "CERT" and "CERT Coordination Center" are registered in the U.S.
   Patent and Trademark Office.

   * "CERT" and "CERT Coordination Center" had absolutely nothing to
   do with this advisory, and do not support it.  It's a parody.

   NO WARRANTY
   Any material furnished by Carnegie Mellon University and the Software
   Engineering Institute is furnished on an "as is" basis. Carnegie
   Mellon University makes no warranties of any kind, either expressed or
   implied as to any matter including, but not limited to, warranty of
   fitness for a particular purpose or merchantability, exclusivity or
   results obtained from use of the material. Carnegie Mellon University
   does not make any warranty of any kind with respect to freedom from
   patent, trademark, or copyright infringement.
   _________________________________________________________________

   Conditions for use, disclaimers, and sponsorship information

Revision History
July 10, 2000: Initial Release

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Fuzzy Logic                         http://www.veryComputer.com/

 
 
 
