[VulnWatch] SRT2003-11-02-0218 - NIPrint LPD-LPR Local Help API SYSTEM exploit

From: KF (dotslash_at_snosoft.com)
Date: 11/04/03

  • Next message: KF: "[VulnWatch] SRT2003-11-02-0115 - NIPrint LPD-LPR Remote overflow"
    Date: Tue, 04 Nov 2003 06:15:35 -0500
    To: Full-Disclosure <full-disclosure@lists.netsys.com>
    
    
    

    We are currently evaluating .pdf based advisory release... please let us
    know if you have any issues with the pdf listed below.

    Full details on this issue can be found at:
    http://www.secnetops.com/research/advisories/SRT2003-11-02-0218.pdf

    -KF

    
    

                   

    Secure Network Operations, Inc. http://www.secnetops.com/research
    Strategic Reconnaissance Team research@secnetops.com
    Team Lead Contact kf@secnetops.com

    Our Mission:
    ************************************************************************
    Secure Network Operations offers expertise in Networking, Intrusion
    Detection Systems (IDS), Software Security Validation, and
    Corporate/Private Network Security. Our mission is to facilitate a
    secure and reliable Internet and inter-enterprise communications
    infrastructure through the products and services we offer.

    To learn more about our company, products and services or to request a
    demo of ANVIL FCS please visit our site at http://www.secnetops.com, or
    call us at: 978-263-3829

    Quick Summary:
    ************************************************************************
    Advisory Number : SRT2003-11-02-0218
    Product : NIPrint LPD-LPR Print Server
    Version : <= 4.10
    Vendor : http://www.networkinstruments.com/
    Class : Local
    Criticality : High (to NIPrint users)
    Operating System(s) : Win32

    Notice
    ************************************************************************
    The full technical details of this vulnerability can be found at:
    http://www.secnetops.com under the research section.

    Basic Explanation
    ************************************************************************
    High Level Description : NIPrint allows local user to become SYSTEM
    What to do : Disable NIPrint until patch is available.

    Basic Technical Details
    ************************************************************************
    Proof Of Concept Status : SNO has working Poc code.

    Low Level Description : The NIPrint Help API runs in a non secure manor.
    This issue is similar to findings by Brett Moore of security-assessment.com.
    Basic details on this type of flaw can be found at securityfocus.com/bid/8884.
    See our research page at http://www.secnetops.biz/research for further details.

    Vendor Status : Vendor was contacted via email. No response on
    this issue or any further response on a previously reported issue. We
    reccomend that you disable NIPrint until a vendor patch is available.

    Bugtraq URL : To be assigned.
    Disclaimer
    ----------------------------------------------------------------------
    This advisory was released by Secure Network Operations,Inc. as a matter
    of notification to help administrators protect their networks against
    the described vulnerability. Exploit source code is no longer released
    in our advisories but can be obtained under contract.. Contact our sales
    department at sales@secnetops.com for further information on how to
    obtain proof of concept code.

    ----------------------------------------------------------------------
    Secure Network Operations, Inc. || http://www.secnetops.com
    "Embracing the future of technology, protecting you."

     


  • Next message: KF: "[VulnWatch] SRT2003-11-02-0115 - NIPrint LPD-LPR Remote overflow"

    Relevant Pages