Can you hack a PSP?
It appears so. Secunia has listed a “moderately critical” advisory for Sonys game machine using firmware 2.0. Evidently a “specially crafted” TIFF file can crash the puppy due to a boundary error in the TIFF library and thus cause a denial of service.
Evidently, there is a well-known bug in libTIFF 3.x that causes a boundary overflow using the BitsPerSample variable. This was first reported in May. While the libTIFF itself has been patched by vendors, it seems Sony hasnt. (Can you even patch a PSP?)
There seems to be no workaround even with an exploit published, save not opening those “untrusted” TIFF files. Or get a Nintendo.
April in Redmond
Thats when a Trojan that works on Microsoft Offices Jet Database Engine was first reported to them by HexView. Secunia called it “highly critical” in April. There has been no workaround or patch forthcoming from Microsoft for this vulnerability as of this date, even though both Windows 2K and Windows XP are at risk.
Symantec recently issued an advisory about the Trojan (called “Backdoor.Hesive”) that shows up as a Microsoft Access file. There is a memory handling error when parsing database files, according to Secunia, so the Trojan works by getting the user to open a “specially crafted” .mdb file that can let the remote user commandeer the computer.
Since there are no patches or workarounds, youre on your own here.
The Fat Lady Has Sung
You just cant let a Dane into the opera. Well, Secunia into Opera Mail, anyway. (See, Secunia is in Denmark and … oh, just forget it.)
Anyway, Secunias crack research division (or just Jakob Balle and Michael Krax) found some vulnerabilities in Opera 8.02s Mail client that can be used to perform script insertions and spoof names of attached files.
Heres what they found: First, arbitrary JavaScript can be executed by opening them directly from the users cache directory (in context of file://).
Second, filename extensions are usually determined by the “Content-Type” field in Opera Mail. However, by appending an additional period to the end of a filename, an arbitrary type of file could be spoofed. You could think you were opening a JPG file, when it was really HTML, for example. All with one little period.
The two vulnerabilities combined may be exploited to conduct script insertion attacks if the user chooses to view a spoofed attachment resulting in disclosure of local files.
The problems were first reported to the vendor in private 20 days before the public notification was made.
The FrSIRT calls the problems “moderately critical.”
Fortunately, upgrading to Opera 8.50 makes all the bad gremlins go away.
Larry Loeb was consulting editor for BYTE magazine and senior editor of WebWeek. He serves as a subject matter expert for the Department of Defenses Information Assurance Technology Analysis Center, and is on the American Dental Associations WG-1 and MD 156 electronic medical records working groups. Larrys latest book is “Hackproofing XML,” published by Syngress (Rockland, Mass.). If youve got a tip for Larry, contact him at nospamloeb-pbc@yahoo.com.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.