Advisory : CORELAN-10-023
Disclosure date : 15th Apr 2010
CVE-2010-1687
0x00 : Vulnerability information
[+] Product : Mocha LPD
[+] Version : 1.9
[+] Vendor : http://www.mochasoft.dk/
[+] URL : http://www.mochasoft.dk/lpd.htm
[+] Type of vulnerability : Remote Buffer Overflow
[+] Risk rating : Low
[+] Issue fixed in version : none
[+] Vulnerability discovered by : mr_me
[+] Greetings to : The Corelan Security Team (http://www.corelan.be:8800/ind…..m-members/)
0x01 : Vendor description of software
From the vendor website:
Mocha W32 LPD is a 32-Bit Print Server application for Windows-95/98/2000 or XP Workstations. It works as a LPD server, giving your AS/400 or UNIX system access to local Printers on the Windows platform.
Price information
25 USD (~20 EUR)
0x02 : Vulnerability details
Remote Stack Overflow:
When the server application receives a malicious 'receive jobs' request it fails to properly sanitize the request, resulting in a stack-based buffer overflow.
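As an added detection example (not code from the advisory or from Mocha LPD), the following parses the first line of an LPD request as laid out in RFC 1179 and flags a 'receive job' command (byte 0x02) whose queue-name operand is oversized or malformed. The advisory does not state which field overflows, so the checked field, the length limit and the sample requests are assumptions.

```python
# Added example: minimal RFC 1179 LPD request parser with a sanity check
# for 'receive job' requests. Not part of the advisory or of Mocha LPD.

# LPD command bytes from RFC 1179 section 5.
LPD_COMMANDS = {
    0x01: "print-waiting-jobs",
    0x02: "receive-job",
    0x03: "send-queue-state-short",
    0x04: "send-queue-state-long",
    0x05: "remove-jobs",
}

# Assumed sanity limit for the queue-name operand; tune to your environment.
MAX_QUEUE_NAME = 64


def parse_lpd_request(data: bytes) -> dict:
    """Split a first-line LPD request into command name and operands.

    Wire format: <command byte><operand>[ <operand>...]<LF>.
    Raises ValueError on empty input, unknown command or missing LF.
    """
    if not data:
        raise ValueError("empty request")
    cmd = data[0]
    if cmd not in LPD_COMMANDS:
        raise ValueError(f"unknown LPD command byte 0x{cmd:02x}")
    if not data.endswith(b"\n"):
        raise ValueError("request not terminated by LF")
    operands = data[1:-1].split(b" ")
    return {"command": LPD_COMMANDS[cmd], "operands": operands}


def is_suspicious_receive_job(data: bytes, limit: int = MAX_QUEUE_NAME) -> bool:
    """True for a receive-job request with an oversized queue name.

    Malformed requests are treated as suspicious too: a server that does
    not sanitize its input is exactly what the advisory describes.
    """
    try:
        req = parse_lpd_request(data)
    except ValueError:
        return True
    if req["command"] != "receive-job":
        return False
    return len(req["operands"][0]) > limit


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "benign": b"\x02lp\n",
    "oversized": b"\x02" + b"A" * 200 + b"\n",
    "no_terminator": b"\x02lp",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:14s} suspicious={is_suspicious_receive_job(raw)}")
```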
0x03 : Vendor communication
10th Apr, 2010 : Vendor contacted
10th Apr, 2010 : Vendor declines help and threatens with lawsuit
12th Apr, 2010 : Vendor contacted again, tried to convince him to work with us
12th Apr, 2010 : Vendor declines help again, states that he does not care about the bug
15th Apr, 2010 : Public Disclosure