[<prev] [next>] [day] [month] [year] [list]
Message-ID: <WorldClient-F200801112035.AA35120118@butn.net>
Date: Fri, 11 Jan 2008 20:35:12 +0100
From: "xerces8" <xerces8@...n.net>
To: full-disclosure@...ts.grok.org.uk
Subject: DoS in Sonic DLA 5.2.0
Hi!
By inserting a prepared DVD media into a DVD drive on
a PC running Sonix Drive Letter Access software
and accessed by (like browsing the DVD in Windows Explorer),
the Sonic DLA can be brought to a loop, that eats 100% CPU
(one core in multicore/CPU system), locks up the Explorer
process that was used to access the DVD and the DVD can not
be ejected any more (the drive is locked).
Additionaly all folowing started Windows Explorers hang immediately.
If the user closes them by force, the main explorer.exe process (that
manages the desktop and taskbar) is also killed and never recovers (at
least not in the few minutes I waited).
A try at shutdown or restart complains that DLACTRLW.EXE is not responding.
The shutdown is very long (I stopped waiting after a few minutes).
Affected version:
Sonic DLA 5.2.0
running on Windows XP Professional SP2
(english and german version of Windows tested by me)
PoC
---
It seems almost any medium created with Nero InCD has this effect on Sonic DLA.
Attached is an archived ISO image that can be written on a DVD+RW
that should trigger the DLA problem. Just insert the prepared DVD+RW
into a PC having Sonic DLA installed and try to browse it.
The file is a 7-ZIP archive, containing one ISO file, which has one small
text file on (and a few ISO9660 entries for systems that don't understand
UDF; this is always written by InCD).
Under linux the file can be used with this command line :
# first insert a DVD+RW. If it is virgin,
# you might have to write something to it first
7z e -so boomerang2.7z > /dev/hda # replace hda with your actual DVD+RW unit
The 7z binary is available from http://p7zip.sourceforge.net
On Windows you probably must extract the ISO file to the harddrive first
and then burn it to a DVD+RW medium using your favourite CD burning tool.
Note the ISO file is 4 gigabytes big, but compressed to 600 KB with 7zip.
MD5sums :
189937f2ea5f9587b347893ba5ee86cf *Boomerang2.iso
dac8cfad75f829f12bf19f47907eb8eb *boomerang2.7z
Links for boomerang2.7z download:
http://www.gigasize.com/get.php?d=hljov7t1mcf
http://www.sendspace.com/file/6cwtqm
Regards,
David Balažic
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists