This time I’ve found a more critical vulnerability with a CVSSv2 score of 7,5 coordinated by which has already been published on 2012-03-01, but due to a very unfortunate way of communication by Secunia, I haven’t been informed about the release of the advisory – that’s the reason for the late article on it 🙁

But anyways, this vulnerability is a perfect example of how not to react to confidentially reported security issues: Ricoh did not response to any of Secunia’s notifications since my discovery and reporting of the bug on 2012-02-05. Even if it’s not one of their flagship products, there are always customers who take care of their entire network security and who don’t like security breaches at all!  Let’s hope that they’ll fix the issue after the full disclosure, which by the way works perfectly in such situations like this.

@Ricoh: If you read this and if have further questions regarding the bug, do not hesitate to contact me!

You can review the full advisory here.

And exclusively for readers, here’s a fully working exploit for Windows XP which will simply launch a calc.exe on the remote side :

Ricoh DC Software DL-10 FTP Server (SR10.exe) <= Remote Buffer Overflow Vulnerability
Tagged on:             

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.