[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: [VulnWatch] SRT2003-11-02-0115 - NIPrint LPD-LPR Remote overflow

To: KF <dotslash@snosoft.com>
Subject: [Full-Disclosure] Re: [VulnWatch] SRT2003-11-02-0115 - NIPrint LPD-LPR Remote overflow
From: mudge <mudge@uidzero.org>
Date: Mon, 3 Nov 2003 21:57:12 -0500

I would humbly advise against it.

PDF is not too far off from another stack based programming language... PostScript. There is a substantial amount of functionality in the language itself. A greater portion being understood by the interpreter engines used to create pdf files and more and more being introduced to the client interpreters.

I will admit that it has been some time since I looked into what was to become part of ".PDF" capability but back when I did (several years ago) they were already looking at active scripting hooks (ActiveX) etc.

It is entirely possible to create a .PDF document that when viewed through 'distiller' creates, removes, truncates files on the end system... etc. etc.

Just a comment on my part actually. Then again, I'm always amazed at all of the "security" web sites built around javascript, server side includes, and every other extra area of risk potentially introduced to consumer and vendor for minimal aesthetics. (the fact that most of the time neither the potential client, nor the "security" vendor has even thought about this is a good reflection of this industry unfortunately).

cheers,

.mudge

On Tuesday, November 4, 2003, at 06:15 AM, KF wrote:

We are currently evaluating .pdf based advisory release... please let us know if you have any issues with the pdf listed below.
Full details on this issue can be found at:
http://www.secnetops.com/research/advisories/SRT2003-11-02-0115.pdf
-KF

Secure Network Operations, Inc. http://www.secnetops.com/research Strategic Reconnaissance Team research@secnetops.com Team Lead Contact kf@secnetops.com

Our Mission: *********************************************************************** * Secure Network Operations offers expertise in Networking, Intrusion Detection Systems (IDS), Software Security Validation, and Corporate/Private Network Security. Our mission is to facilitate a secure and reliable Internet and inter-enterprise communications infrastructure through the products and services we offer.

To learn more about our company, products and services or to request a demo of ANVIL FCS please visit our site at http://www.secnetops.com, or call us at: 978-263-3829

Quick Summary: *********************************************************************** * Advisory Number : SRT2003-11-02-0115 Product : NIPrint LPD-LPR Print Server Version : <= 4.10 Vendor : http://www.networkinstruments.com/ Class : Remote Criticality : High (to NIPrint users) Operating System(s) : Win32

Notice *********************************************************************** * The full technical details of this vulnerability can be found at: http://www.secnetops.com under the research section.

Basic Explanation *********************************************************************** * High Level Description : NIPrint contains a remote buffer overflow What to do : Disable NIPrint until vendor patch is available.

Basic Technical Details *********************************************************************** * Proof Of Concept Status : SNO has working Poc code.

Low Level Description : NIPrint suffers from a classic buffer overflow condition. Sending 60 bytes to the printer port (515) will cause an exploitable overflow in the NIPrint daemon. See our research page at http://www.secnetops.biz/research for further details.

Vendor Status : Vendor was contacted via email. The issue was confirmed however no further communication occured. We reccomend that you disable NIPrint until a vendor patch is available.

Bugtraq URL : to be assigned

Disclaimer ----------------------------------------------------------------------- - This advisory was released by Secure Network Operations,Inc. as a matter of notification to help administrators protect their networks against the described vulnerability. Exploit source code is no longer released in our advisories but can be obtained under contract.. Contact our sales department at sales@secnetops.com for further information on how to obtain proof of concept code.

----------------------------------------------------------------------- - Secure Network Operations, Inc. || http://www.secnetops.com "Embracing the future of technology, protecting you."


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] SRT2003-11-02-0115 - NIPrint LPD-LPR Remote overflow
  - From: KF <dotslash@snosoft.com>

Prev by Date: Re: [Full-Disclosure] Fw: Red Hat Linux end-of-life update and transition planning
Next by Date: [Full-Disclosure] Liteserve Buffer Overflow in Handling Server's Log.
Previous by thread: [Full-Disclosure] SRT2003-11-02-0115 - NIPrint LPD-LPR Remote overflow
Next by thread: [Full-Disclosure] MDKSA-2003:103 - Updated apache packages fix vulnerabilities
Index(es):
- Date
- Thread