Zero Day Found for Universal Turing Machine (CVE-2021-32471) (theregister.com)
xanthos (Slashdot reader #73,578) writes: Our friends over at The Register are reporting a zero day vulnerability for one of the earliest modern computer architectures.
Pontus Johnson, a professor at the KTH Royal Institute of Technology in Stockholm, Sweden, has published what amounts to a SQL injection attack on the 1967 implementation of the simulated Universal Turing Machine (UTM) designed by the late Marvin Minsky. The exploit allows an arbitrary program to be run in place of the intended one. It has been dutifully documented as CVE-2021-32471. At this time there is no patch or workaround.
Re:Minsky (Score:5)
You know what? The first thing I thought when I read "Marvin Minsky" was "How long before idiots steer the discussion towards the subject of his creepy acquaintances?" Turns out, none at all.
What a bummer. This looks interesting technically. But no: let's wallow in the mud instead.
Re: (Score:1)
OMBad is a chimp and would rather scream and wipe feces on everything than discuss anything of substance. He's saddled himself with an increasingly irrelevant name and to evolve he must abandon that account and start over. sad
Re: Minsky (Score:2)
Thanks for bringing up Minsky's relationship with Epstein, yours is the only post about it on alterslash, so to you and your mods, good job reminding everyone.
Please stop writing "vuln" (Score:1, Insightful)
It's so stu. And then why not also write "art int"?
Re: (Score:2)
Fortunately... (Score:5, Funny)
Re: (Score:2)
That doesn't prevent a physical attack though. Do you completely trust everyone you let near your Turing machines? Do any of them call you "comrade" or mention bitcoin a lot?
Re: (Score:2)
Your hammer has a "zero day" exploit, it can be swung at things you didn't intend.
Re: (Score:2)
Which is why I go to sleep wearing gloves. Gotta protect my thumbs from that risky hammer.
Re: (Score:2)
> That doesn't prevent a physical attack though.
Yup. Beware the evil-domestic-servant-attack on the Turing machine sitting in your drawing room.
Re: (Score:3)
>... none of my Turing machines is connected to the internet.
mine are, but only through a firewall on my Analytical Engine . . .
Re: (Score:2)
Mod up :)
Lameness off!
Re: (Score:2)
Mod parent up!
Re: (Score:2)
You need to watch out for side channel attacks, by the grad student interns in the cubicles next to you and by the cleaning lady.
Hmm.. Something Nerdy for a change! (Score:5, Insightful)
Even if it doesn't affect many people.
Re:CVE? As in Common Vulnerability and Exposure? (Score:5, Informative)
> A sanitization bug in a 50+-year-old simulator doesn't seem to qualify as "common" in any kind of usual usage.
It's not the bug that is common, it's the list that's in common, as in the sense of a public good.
Re: CVE? As in Common Vulnerability and Exposure? (Score:2)
OTOH giving a universally understood unique identifier to a particular vulnerability (even a purely theoretical one like this) makes the vulnerability easier to refer to, and therefore easier to discuss and learn from. There is some benefit to that.
Re: (Score:1)
> Filling it up with trivial bugs in 50-year-old programs
Your definition of "Filling it up" does not match the definition used by the rest of the world.
Rest assured, the thing you are concerned about is not happening.
Re: (Score:3)
I'm not even convinced it is a bug.
Did the specification include not allowing the user to screw up the operation? If not, there is no bug, there is just the observation that old software wasn't protected against faulty operational inputs.
Late April Fools (Score:2)
One of the programming challenges at SPOJ involves writing code in .bf, where input validation is practically infeasible. While there wasn't a chance for arbitrary code, an unexpected value could still disrupt the program. With other esoteric programming languages, input validation would be a luxury, and it's no surprise that something theoretical would come out.
When I followed a few links, I came across a sample exploit [github.io], but I don't see why it's an exploit, nor do I understand what said machine is trying t
Re: Late April Fools (Score:2)
I don't think this is a matter of utility but novelty. They said there is no patch and I wonder if it's a matter of fundamental hardware design. I am not too familiar with the architecture but I have a feeling it's virtually single user, so either the user is effectively already by default a super user or the system has minimal design in terms of user access. In such an environment, the exploit is really just the novelty of finding it. It likely affects no more than hobbyists and at best it could be used
Re: (Score:2)
> writing code in .bf, where input validation is practically infeasible.
You just need a halfway decent macro processor, and the language is fine.
Re: (Score:2)
Or creating an input subroutine rather than doing input directly. It's not like I was required to use .bf, there was also the choice of Intercal which gets close to implementing that feature.
Re: (Score:2)
Re: (Score:2)
That's a good question. The answer is likely to revolve around whether or not you can build up reusable primitives that the macro processor can reuse.
For example, if you can write code to print a string to the terminal, then the macroprocessor can use that and you now only have to write one command to print a string. This is similar to what we do with assembly: build primitives and reuse them instead of writing raw assembly every time.
Re: (Score:2)
I would suggest m4 then :P
Re: (Score:2)
I've seen it done before [zerobugsan...faster.net].
Although I would say that m4 is a halfway decent macro processor ;)
OpenSSL 1.0.2 will still be running somewhere ... (Score:2)
Re: (Score:2)
Not necessarily. If it's been patched and configured properly it might be fine.
Turing Machines ... (Score:2)
Re: (Score:3)
That's not what "zero day" ever means. "Zero day" means that the flaw is unknown to people who would care about limiting its security effects. In this case, nobody cares, so there's no audience for whom it would be "zero day".
Bug bounty reward on its way... (Score:2)
In the meantime, we need your banking information for international shipping and processing fees... you know, so their respective estates can also reward you with the prize money.
There's nothing to worry about... (Score:2)
NO CARRIER
Re: (Score:2)
Look, I'm replying from my Universal Turing Machine, clearly it is safe from atta
NO CARRIER
I have 1 mod point left today. You don't get to have it. Some Slashdot memes deserve to die.