CVE-2017-2785
published 2017-03-10
Priority P263 · critical · 10 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 5.15% (91.4th percentile)
An exploitable buffer overflow exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pharos | popup | — | — |
| pharos | popup_printer_client | — | — |
Detection & IOCs (extracted from sources)
Snort Rules: 41505 - 41510
- Target process: psnotifyd, a root-privileged, always-listening application on the victim host; any unexpected inbound network connection to this process should be treated as suspicious.
- Exploit trigger: look for network packets sent to psnotifyd that contain a length field (attacker-controlled) set to an abnormally large value, causing the DecodeString or DecodeBinary function to write outside the allocated heap buffer.
- Snort rules 41505–41510 cover all four related vulnerabilities (CVE-2017-2785, CVE-2017-2786, CVE-2017-2787, CVE-2017-2788); additional rules may be released and existing rules are subject to change.
CVSS provenance
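| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 10.0 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |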
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Pharos Vulnerabilities
blogs_talos·2017-03-07·CVSS 10.0
[CRITICAL] Vulnerability Spotlight: Pharos Vulnerabilities
Discovered by Tyler Bohan of Cisco Talos. Talos would also like to thank NYU Osiris Lab for helping out with these vulnerabilities.
Pharos PopUp Printer is printing software that is widely used to manage multiple connections to a single printing point. Services that run with root privileges that are open to network connections are a tempting target for attackers. Talos is disclosing the presence of three code execution vulnerabilities and a denial of service vulnerability in the psnotifyd application of the Pharos PopUp printer client version 9.0.
- TALOS-2017-0280, TALOS-2017-0283 Code Execution Vulnerabilities (CVE-2017-2785, CVE-2017-2788)
- TALOS-2017-0282 Memcpy Code Execution Vulnerability (CVE-2017-2787)
- TALOS-2017-0281 DecodeString Denial of Service Vulnerability (CVE-2017-2786)
2017-03-10
Published