cyan_soft opium4_opi_server LPD服务器 拒绝服务攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1114536 漏洞类型 设计错误
发布时间 2008-02-11 更新时间 2008-12-20
CVE编号 CVE-2008-0756 CNNVD-ID CNNVD-200802-256
漏洞平台 Multiple CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/31136
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200802-256
|漏洞详情
cyansoftOpiumOPIServer,cyanPrintIPEasyOPI,Workstation,Standard的LPD服务器存在拒绝服务攻击漏洞。远程攻击者可以借助一个连接(connection)引起拒绝服务攻击(后台程序崩溃)。该连接以(1)一个"Sendqueuestate"LPD指令3或者(2)一个"Sendqueuestate"LPD指令4开始。
|漏洞EXP
source: http://www.securityfocus.com/bid/27728/info

Multiple cyan soft products are affected by a format-string vulnerability because they fail to adequately sanitize user-supplied input before passing it as the format-specifier to a formatted-printing function.

These applications are also affected by a denial-of-service vulnerability because they fail to adequately handle certain commands during the start of a connection.

Attackers can leverage these issues to execute arbitrary code in the context of the application or to terminate the application. Successful attacks will compromise the applications or deny access to legitimate users.

The following applications are affected:

Opium4 OPI Server 4.10.1028 and prior
cyanPrintIP Easy OPI 4.10.1030 and prior
cyanPrintIP Professional 4.10.1030 and prior
cyanPrintIP Workstation 4.10.836 and prior
cyanPrintIP Standard 4.10.940 and prior
cyanPrintIP Basic 4.10.1030 and prior 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/31136.zip
|参考资料

来源:BID
名称:27734
链接:http://www.securityfocus.com/bid/27734
来源:BID
名称:27728
链接:http://www.securityfocus.com/bid/27728
来源:SECUNIA
名称:28870
链接:http://secunia.com/advisories/28870
来源:MISC
链接:http://aluigi.altervista.org/adv/cyanuro-adv.txt
来源:BUGTRAQ
名称:20080211FormatstringandDoSinOpiumOPIandcyanPrintIPservers4.10.x
链接:http://www.securityfocus.com/archive/1/archive/1/487955/100/0/threaded
来源:VUPEN
名称:ADV-2008-0498
链接:http://www.frsirt.com/english/advisories/2008/0498