Larson Software Technology Network Print Server NPSpcSVR.exe buffer overflow vulnerability

Vulnerability ID: 1114534
Vulnerability type: Buffer overflow
Published: 2008-02-11
Updated: 2008-09-05
CVE ID: CVE-2008-0763
CNNVD-ID: CNNVD-200802-263
Platform: Windows
CVSS score: 10.0
|Vulnerability source
https://www.exploit-db.com/exploits/31138
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200802-263
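|Vulnerability details
NPSpcSVR.exe in Larson Network Print Server (LstNPS) contains a stack-based buffer overflow. A remote attacker can execute arbitrary code via a long argument in a LICENSE command sent to TCP port 3114.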
|Exploit (EXP)
source: http://www.securityfocus.com/bid/27732/info

Larson Software Technology Network Print Server is prone to a format-string vulnerability and a buffer-overflow vulnerability.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

Network Print Server 9.4.2 build 105 and prior versions are affected. 

echo LICENSE aaaaa...160...aaaaa|nc SERVER 3114 -v -v
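
For detection, the length check below can be run over the reassembled client-to-server byte stream of a TCP 3114 session. It is an added example, not code from the advisory or the vendor; the class name, the alert format and both thresholds are assumptions, and the real buffer size is not stated on this page.

```python
# Added example (not from the advisory). Flags over-long LICENSE arguments in a
# reassembled TCP/3114 client stream. Both limits are assumed policy values.
MAX_ARG = 64          # assumption: longest LICENSE argument treated as normal
MAX_PENDING = 1024    # assumption: cap on bytes buffered without a newline


class LicenseLengthDetector:
    """Feed client-to-server bytes in arrival order; alerts accumulate."""

    def __init__(self, max_arg=MAX_ARG):
        self.max_arg = max_arg
        self.pending = b""
        self.alerts = []

    @staticmethod
    def _arg_len(line: bytes) -> int:
        # Match the verb case-insensitively (a conservative detection choice).
        verb, _, arg = line.lstrip().partition(b" ")
        return len(arg.strip()) if verb.upper() == b"LICENSE" else 0

    def _check(self, line: bytes, complete: bool) -> None:
        n = self._arg_len(line)
        if n > self.max_arg:
            self.alerts.append({"arg_len": n, "complete": complete})

    def feed(self, chunk: bytes):
        self.pending += chunk
        # The command on the page is sent with echo, which appends a newline.
        while b"\n" in self.pending:
            line, self.pending = self.pending.split(b"\n", 1)
            self._check(line.rstrip(b"\r"), complete=True)
        # A sender may never terminate the line, so judge the partial line too.
        if len(self.pending) > MAX_PENDING or self._arg_len(self.pending) > self.max_arg:
            self._check(self.pending, complete=False)
            self.pending = b""
        return self.alerts


def demo():
    """Run the detector over constructed sample traffic."""
    d = LicenseLengthDetector()
    d.feed(b"LICENSE ABC-123\r\n")        # constructed benign command
    d.feed(b"LICENSE " + b"a" * 50)       # constructed: split across segments
    d.feed(b"a" * 110 + b"\n")            # ...completes a 160-byte argument
    d.feed(b"license " + b"a" * 100)      # constructed: never terminated
    return d.alerts
```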
|References

Source: XF
Name: networkprintserver-npspcsvr-bo(40421)
Link: http://xforce.iss.net/xforce/xfdb/40421
Source: BID
Name: 27732
Link: http://www.securityfocus.com/bid/27732
Source: VUPEN
Name: ADV-2008-0500
Link: http://www.frsirt.com/english/advisories/2008/0500
Source: SECUNIA
Name: 28890
Link: http://secunia.com/advisories/28890
Source: MISC
Link: http://aluigi.altervista.org/adv/lstnpsx-adv.txt
Source: BUGTRAQ
Name: 20080211 Format string and buffer-overflow in Lst Network Print Server 9.4.2 build 105
Link: http://www.securityfocus.com/archive/1/archive/1/487956/100/0/threaded