CORELAN-10-023 – Mocha LPD Remote Buffer Overflow
April 14, 2010
22:44
mr_me
Australia


Advisory : CORELAN-10-023

Disclosure date : 15th Apr 2010

CVE-2010-1687

 

0x00 : Vulnerability information

[+] Product : Mocha LPD

[+] Version : 1.9

[+] Vendor : http://www.mochasoft.dk/

[+] URL : http://www.mochasoft.dk/lpd.htm

[+] Type of vulnerability : Remote Buffer Overflow

[+] Risk rating : Low

[+] Issue fixed in version : none

[+] Vulnerability discovered by : mr_me

[+] Greetings to : The Corelan Security Team (http://www.corelan.be:8800/ind…..m-members/)

 

0x01 : Vendor description of software

From the vendor website:

Mocha W32 LPD is a 32-Bit Print Server application for Windows-95/98/2000 or XP Workstations. It works as a LPD server, giving your AS/400 or UNIX system access to local Printers on the Windows platform.

Price information

25 USD (~20 EUR)

 


 


0x02 : Vulnerability details

Remote Stack Overflow:

When the server application receives a malicious 'receive jobs' request, it fails to properly sanitize the request, resulting in a stack-based buffer overflow.

 

0x03 : Vendor communication

 10th Apr, 2010 : Vendor contacted

 10th Apr, 2010 : Vendor declines help and threatens with lawsuit

 12th Apr, 2010 : Vendor contacted again, tried to convince him to work with us

 12th Apr, 2010 : Vendor declines help again, states that he does not care about the bug

 15th Apr, 2010 : Public Disclosure

 

0x04 : Exploit/PoC

here

The road to hell is paved in good intentions.
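
For defenders reviewing LPD server code, here is an added example (not part of the original post, not vendor code and not the PoC) of the kind of length check whose absence leads to this class of bug. The advisory does not say which field overflows; this sketch assumes the RFC 1179 "Receive a printer job" request line (`0x02`, queue name, LF), and `parse_receive_job`, `QUEUE_MAX` and the status names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define LPD_CMD_RECEIVE_JOB 0x02  /* RFC 1179 "Receive a printer job" */
#define QUEUE_MAX 64              /* assumed local limit, not from the advisory */

enum lpd_status {
    LPD_OK = 0, LPD_NOT_RECEIVE_JOB, LPD_UNTERMINATED,
    LPD_EMPTY, LPD_TOO_LONG, LPD_BAD_CHAR
};

/* Parse "\x02 <queue> LF" from the first len bytes of req.
 * On LPD_OK, out holds the NUL-terminated queue name. */
enum lpd_status parse_receive_job(const unsigned char *req, size_t len,
                                  char out[QUEUE_MAX])
{
    if (len == 0 || req[0] != LPD_CMD_RECEIVE_JOB)
        return LPD_NOT_RECEIVE_JOB;

    /* Search for the terminator only within the bytes actually received. */
    const unsigned char *lf = memchr(req + 1, '\n', len - 1);
    if (lf == NULL)
        return LPD_UNTERMINATED;

    size_t qlen = (size_t)(lf - (req + 1));
    if (qlen == 0)
        return LPD_EMPTY;
    if (qlen >= QUEUE_MAX)        /* reject outright, never truncate and continue */
        return LPD_TOO_LONG;

    /* Allow printable, non-space ASCII only in the queue name. */
    for (size_t i = 0; i < qlen; i++) {
        unsigned char c = req[1 + i];
        if (c <= 0x20 || c >= 0x7f)
            return LPD_BAD_CHAR;
    }

    memcpy(out, req + 1, qlen);   /* qlen < QUEUE_MAX, so the NUL below fits */
    out[qlen] = '\0';
    return LPD_OK;
}
```

The length is validated against the destination size before any copy, and an oversized request is refused rather than copied into a fixed stack buffer.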
Forum Timezone: Europe/Brussels
