Full Disclosure mailing list archives
Re: [VulnWatch] SRT2003-11-02-0115 - NIPrint LPD-LPR Remote overflow
From: mudge <mudge () uidzero org>
Date: Mon, 3 Nov 2003 21:57:12 -0500
I would humbly advise against it. PDF is not too far off from another stack based programming language... PostScript. There is a substantial amount of functionality in the language itself. A greater portion being understood by the interpreter engines used to create pdf files and more and more being introduced to the client interpreters.
I will admit that it has been some time since I looked into what was to become part of ".PDF" capability but back when I did (several years ago) they were already looking at active scripting hooks (ActiveX) etc.
It is entirely possible to create a .PDF document that when viewed through 'distiller' creates, removes, truncates files on the end system... etc. etc.
Just a comment on my part actually. Then again, I'm always amazed at all of the "security" web sites built around javascript, server side includes, and every other extra area of risk potentially introduced to consumer and vendor for minimal aesthetics. (the fact that most of the time neither the potential client, nor the "security" vendor has even thought about this is a good reflection of this industry unfortunately).
cheers,
.mudge
On Tuesday, November 4, 2003, at 06:15 AM, KF wrote:
We are currently evaluating .pdf based advisory release... please let us know if you have any issues with the pdf listed below.
Full details on this issue can be found at: http://www.secnetops.com/research/advisories/SRT2003-11-02-0115.pdf
-KF

Secure Network Operations, Inc. http://www.secnetops.com/research
Strategic Reconnaissance Team research () secnetops com
Team Lead Contact kf () secnetops com

Our Mission:
************************************************************************
Secure Network Operations offers expertise in Networking, Intrusion Detection Systems (IDS), Software Security Validation, and Corporate/Private Network Security. Our mission is to facilitate a secure and reliable Internet and inter-enterprise communications infrastructure through the products and services we offer.
To learn more about our company, products and services or to request a demo of ANVIL FCS please visit our site at http://www.secnetops.com, or call us at: 978-263-3829

Quick Summary:
************************************************************************
Advisory Number : SRT2003-11-02-0115
Product : NIPrint LPD-LPR Print Server
Version : <= 4.10
Vendor : http://www.networkinstruments.com/
Class : Remote
Criticality : High (to NIPrint users)
Operating System(s) : Win32

Notice
************************************************************************
The full technical details of this vulnerability can be found at: http://www.secnetops.com under the research section.

Basic Explanation
************************************************************************
High Level Description : NIPrint contains a remote buffer overflow
What to do : Disable NIPrint until vendor patch is available.

Basic Technical Details
************************************************************************
Proof Of Concept Status : SNO has working Poc code.
Low Level Description : NIPrint suffers from a classic buffer overflow condition. Sending 60 bytes to the printer port (515) will cause an exploitable overflow in the NIPrint daemon. See our research page at http://www.secnetops.biz/research for further details.
Vendor Status : Vendor was contacted via email. The issue was confirmed however no further communication occurred. We recommend that you disable NIPrint until a vendor patch is available.
Bugtraq URL : to be assigned

Disclaimer
------------------------------------------------------------------------
This advisory was released by Secure Network Operations, Inc. as a matter of notification to help administrators protect their networks against the described vulnerability. Exploit source code is no longer released in our advisories but can be obtained under contract. Contact our sales department at sales () secnetops com for further information on how to obtain proof of concept code.
------------------------------------------------------------------------
Secure Network Operations, Inc. || http://www.secnetops.com
"Embracing the future of technology, protecting you."
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html