AOH :: HP Unsorted U :: BX1853.HTM

Unicode buffer-overflow in RPM Remote Print Manager 4.5.1.11



Unicode buffer-overflow in RPM Remote Print Manager 4.5.1.11
Unicode buffer-overflow in RPM Remote Print Manager 4.5.1.11




#######################################################################

                             Luigi Auriemma

Application:  RPM Remote Print Manager
http://lpd.brooksnet.com 
Versions:     <= 4.5.1.11 (tested both the Elite and Select versions)
              the beta version 5.0.38.0 does NOT seem vulnerable
Platforms:    Windows
Bug:          unicode buffer-overflow
Exploitation: remote
Date:         11 Feb 2008
Author:       Luigi Auriemma
e-mail: aluigi@autistici.org 
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

==============1) Introduction
==============

Remote Print Manager (RPM) is a commercial LPD server for Windows.


#######################################################################

=====2) Bug
=====

RPM is affected by an unicode buffer-overflow during the handling of
the "data file" name used for the creation of the temporary file to
print.


#######################################################################

==========3) The Code
==========

http://aluigi.org/poc/rpmlpdbof.zip 


#######################################################################

=====4) Fix
=====

No fix


#######################################################################


--- 
Luigi Auriemma
http://aluigi.org 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.