[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <968C60F8-0E72-11D8-BB8A-000393A48C4A@uidzero.org>
From: mudge at uidzero.org (mudge)
Subject: Re: [VulnWatch] SRT2003-11-02-0115 - NIPrint LPD-LPR Remote overflow
I would humbly advise against it.
PDF is not too far off from another stack based programming language...
PostScript. There is a substantial amount of functionality in the
language itself. A greater portion being understood by the interpreter
engines used to create pdf files and more and more being introduced to
the client interpreters.
I will admit that it has been some time since I looked into what was to
become part of ".PDF" capability but back when I did (several years
ago) they were already looking at active scripting hooks (ActiveX) etc.
It is entirely possible to create a .PDF document that when viewed
through 'distiller' creates, removes, truncates files on the end
system... etc. etc.
Just a comment on my part actually. Then again, I'm always amazed at
all of the "security" web sites built around javascript, server side
includes, and every other extra area of risk potentially introduced to
consumer and vendor for minimal aesthetics. (the fact that most of the
time neither the potential client, nor the "security" vendor has even
thought about this is a good reflection of this industry unfortunately).
cheers,
.mudge
On Tuesday, November 4, 2003, at 06:15 AM, KF wrote:
> We are currently evaluating .pdf based advisory release... please let
> us know if you have any issues with the pdf listed below.
>
> Full details on this issue can be found at:
> http://www.secnetops.com/research/advisories/SRT2003-11-02-0115.pdf
>
> -KF
>
>
> Secure Network Operations, Inc.
> http://www.secnetops.com/research
> Strategic Reconnaissance Team research@...netops.com
> Team Lead Contact kf@...netops.com
>
>
> Our Mission:
> ***********************************************************************
> *
> Secure Network Operations offers expertise in Networking, Intrusion
> Detection Systems (IDS), Software Security Validation, and
> Corporate/Private Network Security. Our mission is to facilitate a
> secure and reliable Internet and inter-enterprise communications
> infrastructure through the products and services we offer.
>
> To learn more about our company, products and services or to request a
> demo
> of ANVIL FCS please visit our site at http://www.secnetops.com, or
> call us
> at: 978-263-3829
>
>
> Quick Summary:
> ***********************************************************************
> *
> Advisory Number : SRT2003-11-02-0115
> Product : NIPrint LPD-LPR Print Server
> Version : <= 4.10
> Vendor : http://www.networkinstruments.com/
> Class : Remote
> Criticality : High (to NIPrint users)
> Operating System(s) : Win32
>
>
> Notice
> ***********************************************************************
> *
> The full technical details of this vulnerability can be found at:
> http://www.secnetops.com under the research section.
>
>
> Basic Explanation
> ***********************************************************************
> *
> High Level Description : NIPrint contains a remote buffer overflow
> What to do : Disable NIPrint until vendor patch is
> available.
>
>
> Basic Technical Details
> ***********************************************************************
> *
> Proof Of Concept Status : SNO has working Poc code.
>
> Low Level Description : NIPrint suffers from a classic buffer
> overflow
> condition. Sending 60 bytes to the printer port (515) will cause an
> exploitable overflow in the NIPrint daemon. See our research page at
> http://www.secnetops.biz/research for further details.
>
>
> Vendor Status : Vendor was contacted via email. The issue was
> confirmed however no further communication occured. We reccomend that
> you
> disable NIPrint until a vendor patch is available.
>
> Bugtraq URL : to be assigned
>
> Disclaimer
> -----------------------------------------------------------------------
> -
> This advisory was released by Secure Network Operations,Inc. as a
> matter
> of notification to help administrators protect their networks against
> the described vulnerability. Exploit source code is no longer released
> in our advisories but can be obtained under contract.. Contact our
> sales
> department at sales@...netops.com for further information on how to
> obtain proof of concept code.
>
>
> -----------------------------------------------------------------------
> -
> Secure Network Operations, Inc. || http://www.secnetops.com
> "Embracing the future of technology, protecting you."
>
>
>
Powered by blists - more mailing lists