MA Lighting Technology grandMA onPC v6.808 Remote Denial of Service Exploit
Title: MA Lighting Technology grandMA onPC v6.808 Remote Denial of Service Exploit
Advisory ID: ZSL-2014-5183
Type: Local/Remote
Impact: DoS
Risk: (3/5)
Release Date: 03.04.2014
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
[31.03.2014] Vendor contacted.
[02.04.2014] No reply from the vendor.
[03.04.2014] Public security advisory released.
[2] http://packetstormsecurity.com/files/126008
[3] http://www.securityfocus.com/bid/66645
[4] http://osvdb.org/show/osvdb/105463
[5] http://www.exploit-db.com/exploits/32704/
[6] http://www.vfocus.net/art/20140408/11463.html
[08.04.2014] - Added reference [2], [3], [4] and [5]
[10.04.2014] - Added reference [6]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2014-5183
Type: Local/Remote
Impact: DoS
Risk: (3/5)
Release Date: 03.04.2014
Summary
The grandMA onPC software incorporates all functions of a grandMA console and offers you its full potential on your notebook or PC. You can use grandMA onPC for running, programming or offline pre-programming, as well as a smart backup solution within the grandMA system. With the MA onPC command wing and MA onPC fader wing MA Lighting has developed a sophisticated hardware extension perfectly suited for the grandMA onPC software.Description
grandMA onPC version 6.808 is exposed to a remote denial of service issue when processing socket connection negotiation. This issue occurs when the application handles a single malformed packet over TCP port 7003, resulting in a crash.--------------------------------------------------------------------------------
(1324.be4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=3535393f ebx=07279f80 ecx=35353937 edx=0c05f038 esi=3535393f edi=3535393b
eip=77ce22c2 esp=0c05ef7c ebp=0c05ef90 iopl=0 nv up ei pl nz ac pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010216
ntdll!RtlEnterCriticalSection+0x12:
77ce22c2 f00fba3000 lock btr dword ptr [eax],0 ds:002b:3535393f=????????
--
303.640 GMA : RR NEW STATION IN NETWORK 127.0.0.1(100) AS Standalone
367.147 SHAR: RPC COMMAND UNSUPPORTED CMD 542393671 from 127.0.0.1
367.147 SHAR: SHARED_REMOTECALL NOT TERMINATED CORRECTLY !
367.180 CC : ******* EXCEPTION **************************
367.180 CC : * ACCESS_VIOLATION
367.180 CC : * EAX = 37363341 EBX = 6D856B0
367.180 CC : * ECX = 37363339 EDX = B78F41C
367.180 CC : * ESI = 37363341 EDI = 3736333D
367.180 CC : * DESKTYP : GMA [Windows]
367.180 CC : * VERSION : 6.808 STREAMING : 6801
367.180 CC : ********************************************
367.240 CC : 0x775522c2 RtlEnterCriticalSection() + 0x12
--------------------------------------------------------------------------------
Vendor
MA Lighting Technology GmbH - http://www.malighting.comAffected Version
grandMA series 1 onPC Software 6.808 (6.801)Tested On
Microsoft Windows 7 Professional SP1 (EN)Vendor Status
[31.03.2014] Vulnerability discovered.[31.03.2014] Vendor contacted.
[02.04.2014] No reply from the vendor.
[03.04.2014] Public security advisory released.
PoC
granny.rsCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] http://cxsecurity.com/issue/WLB-2014040021[2] http://packetstormsecurity.com/files/126008
[3] http://www.securityfocus.com/bid/66645
[4] http://osvdb.org/show/osvdb/105463
[5] http://www.exploit-db.com/exploits/32704/
[6] http://www.vfocus.net/art/20140408/11463.html
Changelog
[03.04.2014] - Initial release[08.04.2014] - Added reference [2], [3], [4] and [5]
[10.04.2014] - Added reference [6]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk