Mocha LPD 1.9 Remote Buffer Oveflow

2010.05.06
Credit: mr_me
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Advisory : CORELAN-10-023 Disclosure date : 15th Apr 2010 CVE-2010-1687 0x00 : Vulnerability information [+] Product : Mocha LPD [+] Version : 1.9 [+] Vendor : http://www.mochasoft.dk/ [+] URL : http://www.mochasoft.dk/lpd.htm [+] Type of vulnerability : Remote Buffer Overflow [+] Risk rating : Low [+] Issue fixed in version : none [+] Vulnerability discovered by : mr_me [+] Greetings to : The Corelan Security Team (http://www.corelan.be:8800/ind…..m-members/) 0x01 : Vendor description of software From the vendor website: Mocha W32 LPD is a 32-Bit Print Server application for Windows-95/98/2000 or XP Workstations. It works as a LPD server, giving your AS/400 or UNIX system access to local Printers on the Windows platform. Price information 25 USD (~20 EUR) 0x02 : Vulnerability details Remote Stack Overflow: When the server application recieves a malicous 'recieve jobs' request it fails to properly sanitize the request resulting in a stack based buffer overflow. 0x03 : Vendor communication 10th Apr, 2010 : Vendor contacted 10th Apr, 2010 : Vendor declines help and threatens with lawsuit 12th Apr, 2010 : Vendor contacted again, tried to convince him to work with us 12th Apr, 2010 : Vendor declines help again, states that he does not care about the bug 15th Apr, 2010 : Public Disclosure

References:

http://www.osvdb.org/63902
http://www.corelan.be:8800/wp-content/forum-file-uploads/mr_me/mochalpd.py_.txt
http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-023-mocha-lpd-remote-buffer-overflow/
http://secunia.com/advisories/39394


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top