Advisory: Buffer Overflow in Instant Lunch
Author: optiklenz legions.org/~optik
Contact: optik@shockimaging.com optik@legions.org

"At two minutes and thirty seconds the darn thing overflows"

Overview:

"As a [hot] snack or delicious meal-anytime"

I came home and was hungry, and had to get to work right away, so I popped an Instant Lunch in the microwave. The end results will shock you! The cover of Maruchan's Instant Lunch says ready in 3 minutes. That is definitely not the case. Upon completing extensive research I found that during the second minute Instant Lunch is susceptible to a buffer overflow.

The directions on the back are as follows:

1. Fold back lid half way. Fill to inside line with "boiling" water.
2. Close lid "securely" and let stand 3 minutes.
3. Remove lid, stir and enjoy from cup.

There is absolutely no truth in the above process, and I have written Maruchan himself, and have asked him to re-write the instructions on how to prepare the noodles. My remarks on their directions below:

1. If the water's already boiled why would they put the Instant Lunch in the microwave?! HUH? HUH? This is clearly an error on your part.
2. During my research I found that even placing a metal object on top of my Instant Lunch didn't keep the water from overflowing once it hits the two and a half minute mark. It did however start shooting sparks off everywhere. I will have to investigate this some more.
3. "enjoy" Yes, enjoy a nice mess... (assholes).. I'm sorry, I didn't mean to call you assholes, it's just sometimes I get emotional over certain topics.

Remotely Overflowing the Water:

My microwave has a USB port so I was able to create an application that would control the microwave from a computer in my room.

Example:

    [darkone] ps -aux
    microwave 3 0.0 0.5 1692 948 pts/3 S 19:23 0:00 - instant_lunchd
    [darkone] ./instant_lunch microwave
    offset 31337
    Total_Fat 12g
    \x8d\x5e\x17
    0:3/0; 8/FF; F/'b1100X1X0;.../micro/
    Water overflowed....

This seems to affect Cup O Noodles too, but I'll have to do more testing. The versions of Instant Lunch I've tested thus far are:

    Roast Beef Flavor
    Chicken Vegetable Flavor
    Creme of Chicken Flavor
    California Flavor

Solution:

There is currently no patch or fix for this overflow. There is however a fix for remote attacks. Simply comment out microwave services in inetd.conf.

----------------------------------------------------
optiklenz was interviewed by Bob Mathers of the Daily Food.
------------------------------------------------------

So what do you say to the vendors that make these seemingly wholesome food products?

Well Bob, I say that had they done proper testing we'd have much more happy noodle eaters.

Is this a high risk?

You're damn skippy, Bob. I mean innocent people are being hurt by the hot water that spews from these poor excuses of a lunch time meal. It's also painful to see people traumatized by the lack of flavor that is expected in every bite due to some of it escaping with the overflow.

How big is the problem?

As far as I know this is an international incident. I did a study and apparently 90% of these food products are vulnerable to this overflow. People everywhere eat Instant Lunch... China, Iraq, Yugoslavia.

People like you should be rewarded for your research, yet you do this for free, am I correct?

It's all a part of making this world a safer place, Bob. I mean if I don't let people know about these serious issues someone can maliciously buffer overflow someone's food. Their only source of nutrition. People are dying, Bob!

Well there you have it folks.. optiklenz.. A hacker a hero. A modern day saint. That's all we have for tonight. Tune in next time when we'll bring you an inside look at how cows are slaughtered with a special guest appearance from the cDc.

OPTIK FOR PRESIDENT IN 2000

-- end forwarded text */

Note: this is still unconfirmed, however if you're allowing outside access to your microwave through your firewall, don't say you haven't been advised. For instance, in the interim, until a vendor patch arrives, all our appliances have been taken offline and audited, except the dishwasher, which has the bo2k plugin installed.

spiff -