CVE-2012-4330
Published 2012-08-14
Priority: P3 · 43 · high · 7.8 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS: 13.88% (96.1th percentile)
The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow.
Detection & IOCs (extracted from sources)
- Monitor TCP port 55000 for oversized or malformed remote controller packets, particularly those with abnormally long MAC address or name string fields, which are the attack vectors for the DoS/buffer overflow.
- Alert on remote controller packets sent to TCP/55000 containing line feed or other non-printable/invalid characters in the controller name string field, which triggers the endless restart loop.
- The Samsung remote control protocol on TCP/55000 is enabled by default and exposes the device to unauthenticated network attackers; detect unexpected connections to this port from non-approved hosts.
- Over 40 TCP ports are opened by default on affected Samsung TV devices; broad port scanning of Samsung TV IPs may indicate reconnaissance prior to exploitation.
- Affected devices include Samsung TVs (2010 Internet@TV models LCD 650+, LED 6500+, PDP 6500+) and 2011 AllShare models, as well as BD players; the researcher only confirmed exploitation on a D6000 TV with latest firmware.
- No vendor fix was available at time of disclosure; Samsung had no published security contact address for vulnerability reporting.
- The endless-restart DoS requires user interaction (selecting allow/deny on the TV screen) to trigger, but the buffer-overflow crash via long MAC address field does not appear to require user interaction.
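The flow-level checks from the list above (unapproved hosts on TCP/55000, oversized controller sessions, broad port sweeps of a TV), shown as an added example that is not from the page or its sources. The host addresses, the byte ceiling and the port-count threshold are assumptions to tune per network, and the flow records are constructed.

```python
from collections import defaultdict

# All values below are constructed or assumed for illustration.
TV_HOSTS = {"192.0.2.50"}              # inventory of Samsung TV / BD player IPs
APPROVED_CONTROLLERS = {"192.0.2.10"}  # hosts allowed to use the remote-control service
REMOTE_PORT = 55000                    # remote controller protocol port named on the page
MAX_CLIENT_BYTES = 512                 # assumed ceiling for a normal controller session
SWEEP_PORT_COUNT = 20                  # assumed distinct-port threshold for a sweep

# Constructed flow records: (timestamp, src, dst, dst_port, bytes_sent_by_client)
FLOWS = [
    ("2012-04-19T10:00:01", "192.0.2.10", "192.0.2.50", 55000, 180),
    ("2012-04-19T10:05:12", "192.0.2.77", "192.0.2.50", 55000, 140),
    ("2012-04-19T10:05:30", "192.0.2.77", "192.0.2.50", 55000, 9000),
] + [("2012-04-19T10:04:%02d" % i, "192.0.2.77", "192.0.2.50", 7000 + i, 0)
     for i in range(25)]


def analyze(flows):
    """Return a sorted list of (rule, src, dst) alerts for TV-bound traffic."""
    alerts = set()
    ports_seen = defaultdict(set)  # (src, dst) -> distinct destination ports
    for _ts, src, dst, port, client_bytes in flows:
        if dst not in TV_HOSTS:
            continue
        ports_seen[(src, dst)].add(port)
        if port == REMOTE_PORT:
            # The service is unauthenticated, so the source address is the
            # only available signal for "who is allowed to talk to it".
            if src not in APPROVED_CONTROLLERS:
                alerts.add(("unapproved_controller", src, dst))
            # Long MAC/name strings inflate the client-to-TV byte count.
            if client_bytes > MAX_CLIENT_BYTES:
                alerts.add(("oversized_controller_payload", src, dst))
    for (src, dst), ports in ports_seen.items():
        if len(ports) >= SWEEP_PORT_COUNT:
            alerts.add(("port_sweep", src, dst))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in analyze(FLOWS):
        print(alert)
```

Flow records cannot show line feeds or other invalid characters inside the name field; that check needs payload inspection on the sensor.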
CVSS provenance
nvd · v2.0 · 7.8 · HIGH · AV:N/AC:L/Au:N/C:N/I:N/A:C
vendor_redhat · 7.2 · HIGH
GHSA
GHSA-pgh5-x82g-f7jf
ghsa_unreviewed · 2022-05-13
CVE-2012-4330 [HIGH] CWE-119
The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow.
Red Hat
kernel: hfs: add sanity check for file name length
vendor_redhat · 2011-11-09 · CVSS 7.2
CVE-2011-4330 [HIGH]
Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field.
Statement: This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they did not include support for the Hierarchical File System (HFS) file system. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0007.html.
Package: kernel (Red Hat Enterprise Linux 4) - Not affected
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: realtime-kernel (Red Hat Enterprise MRG 2) - Not affected
No detection rules found.
Exploit-DB
Samsung NET-i ware 1.37 - Multiple Vulnerabilities
exploitdb · 2012-04-22 · CVE-2012-4335
---
#######################################################################

                             Luigi Auriemma

Application:  Samsung NET-i ware
              http://www.samsungsecurity.com/product/product_view.asp?idx=6447
              http://www.samsungsecurity.com/product/product_view.asp?idx=5828
Versions:     <= 1.37
Platforms:    Windows
Bugs:         A] Endless loop in remote services
              B] Code execution in ConnectDDNS ActiveX
              C] Stack overflow in BackupToAvi ActiveX
Exploitation: remote
Date:         21 Apr 2012
Author:       Luigi Auriemma
              e-mail: [email protected]
              web:    aluigi.org

#######################################################################
1) Introduction
2) Bugs
3) The Code
4) Fix
#######################################################################
1) Introduction
"Recording so
Exploit-DB
Samsung D6000 TV - Multiple Vulnerabilities
exploitdb · 2012-04-19 · CVE-2012-4330
---
#######################################################################

                             Luigi Auriemma

Application:  Samsung devices with support for remote controllers
              http://www.samsung.com
Versions:     current
Platforms:    the vulnerable protocol is used on both TV and blu-ray
              devices so both of them should be vulnerable (my tests
              were performed only on a D6000 TV with the latest
              firmware); the following are the products listed on the
              iTunes section of the app but note that I have NOT
              tested them:
              - TV released in 2010 with Internet@TV feature
                Models greater than or equal to LCD 650, LED 6500 and PDP 6500
              - TV released in 2011 with AllShare feature
                Models greater than or equal to LCD 550, LED 5500 and PDP 5500
              - BD released in 2011 with Smart Hub feature
M
- http://aluigi.org/adv/samsux_1-adv.txt
- http://archives.neohapsis.com/archives/bugtraq/2012-04/0142.html
- http://www.exploit-db.com/exploits/18751
- http://www.osvdb.org/81222
- http://www.securityfocus.com/bid/53161
- http://www.securitytracker.com/id?1026976
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74928