full-disclosure-uk February 2008 archive

[Full-disclosure] Unicode buffer-overflow in RPM Remote Print Manager 4.5.1.11

From: Luigi Auriemma <aluigi_at_nospam>
Date: Tue Feb 12 2008 - 18:16:07 GMT
To: bugtraq@securityfocus.com, bugs@securitytracker.com, news@securiteam.com, full-disclosure@lists.grok.org.uk, vuln@secunia.com, packet@packetstormsecurity.org

#######################################################################

                             Luigi Auriemma

Application:  RPM Remote Print Manager
              http://lpd.brooksnet.com
Versions:     <= 4.5.1.11 (tested both the Elite and Select versions)
              the beta version 5.0.38.0 does NOT seem vulnerable
Platforms:    Windows
Bug:          unicode buffer-overflow
Exploitation: remote
Date:         11 Feb 2008
Author:       Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################


1) Introduction

Remote Print Manager (RPM) is a commercial LPD server for Windows.

#######################################################################



2) Bug

RPM is affected by a unicode buffer-overflow during the handling of the "data file" name used for the creation of the temporary file to print.

#######################################################################



3) The Code

http://aluigi.org/poc/rpmlpdbof.zip

#######################################################################



4) Fix

No fix

#######################################################################

---
Luigi Auriemma
http://aluigi.org



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
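
Added example, not part of the advisory and not RPM's code (the advisory gives no implementation detail): a defensive handler for the RFC 1179 "receive data file" subcommand that length-checks the client-supplied name in characters and filters it before widening it into a fixed UTF-16 buffer. DF_NAME_MAX, the allowed character set and every function name here are assumptions made for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define DF_NAME_MAX 64  /* assumed limit, counted in characters, not bytes */
enum { DF_OK = 0, DF_MALFORMED = -1, DF_TOO_LONG = -2, DF_BAD_CHAR = -3 };

struct df_request {
    unsigned long size;              /* byte count announced by the client */
    uint16_t name[DF_NAME_MAX + 1];  /* name widened to UTF-16, NUL-terminated */
};

/* Only what a spool file name needs: no path separators, no control bytes. */
int name_char_ok(unsigned char c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '.' || c == '-' || c == '_';
}

/* Parse one subcommand line: 0x03 <count> SP <name> LF.
 * *out is meaningful only when DF_OK is returned. */
int parse_data_file_cmd(const unsigned char *buf, size_t len, struct df_request *out)
{
    size_t i = 1, n, name_len;
    unsigned long size = 0;
    if (len < 5 || buf[0] != 0x03 || buf[len - 1] != '\n' ||
        buf[1] < '0' || buf[1] > '9')
        return DF_MALFORMED;
    for (; i < len - 1 && buf[i] >= '0' && buf[i] <= '9'; i++) {
        if (size > (ULONG_MAX - 9) / 10) return DF_MALFORMED;  /* overflow */
        size = size * 10 + (unsigned long)(buf[i] - '0');
    }
    if (i >= len - 1 || buf[i] != ' ') return DF_MALFORMED;
    name_len = len - 1 - (i + 1);            /* bytes between SP and LF */
    if (name_len == 0) return DF_MALFORMED;
    if (name_len > DF_NAME_MAX) return DF_TOO_LONG;  /* reject before any copy */
    for (n = 0; n < name_len; n++) {
        if (!name_char_ok(buf[i + 1 + n])) return DF_BAD_CHAR;
        out->name[n] = buf[i + 1 + n];       /* ASCII byte -> UTF-16 unit */
    }
    out->name[n] = 0;
    out->size = size;
    return DF_OK;
}

/* Wrapper for NUL-terminated, constructed sample lines; fills g_req. */
struct df_request g_req;
int check_line(const char *s) {
    return parse_data_file_cmd((const unsigned char *)s, strlen(s), &g_req);
}
```

The capacity check compares a character count against a buffer sized in 16-bit elements, so the two units cannot be confused when the name is widened.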