Advisory : CORELAN-10-023 Disclosure date : 15th Apr 2010 CVE-2010-1687 0x00 : Vulnerability information [+] Product : Mocha LPD [+] Version : 1.9 [+] Vendor : http://www.mochasoft.dk/ [+] URL : http://www.mochasoft.dk/lpd.htm [+] Type of vulnerability : Remote Buffer Overflow [+] Risk rating : Low [+] Issue fixed in version : none [+] Vulnerability discovered by : mr_me [+] Greetings to : The Corelan Security Team (http://www.corelan.be:8800/ind…..m-members/) 0x01 : Vendor description of software From the vendor website: Mocha W32 LPD is a 32-Bit Print Server application for Windows-95/98/2000 or XP Workstations. It works as a LPD server, giving your AS/400 or UNIX system access to local Printers on the Windows platform. Price information 25 USD (~20 EUR) 0x02 : Vulnerability details Remote Stack Overflow: When the server application recieves a malicous 'recieve jobs' request it fails to properly sanitize the request resulting in a stack based buffer overflow. 0x03 : Vendor communication 10th Apr, 2010 : Vendor contacted 10th Apr, 2010 : Vendor declines help and threatens with lawsuit 12th Apr, 2010 : Vendor contacted again, tried to convince him to work with us 12th Apr, 2010 : Vendor declines help again, states that he does not care about the bug 15th Apr, 2010 : Public Disclosure