RooBee One, an open-source SLA/DLP 3D printer

[Aldric Negrier] is no stranger to the 3D printing world. Having built a few already, he designed and built an SLA/DLP 3D printer, named RooBee One, sharing the plans on Instructables. He has also published tons of other stuff, like a 3D Printed Syringe Pump Rack and a 3D Scanning Rig And DIY Turntable. It’s really worthwhile going through his whole Instructables repository.

This open-source 3D printer was inspired by the Cristelia – SLA/LCD 3d printer and the Vulcanus MAX 3D printer (which he designed). RooBee One has an aluminium frame and an adjustable print area of 80x60x200 mm, with up to 150x105x200 mm build volume using an ACER DLP projector. In addition, a fan on top of the printer was added to extract the toxic vapours outside and away from the printer operator. The electronics are based on the Arduino MEGA with the RAMPS 1.4 shield and one NEMA 17 stepper motor. As for the Arduino Mega firmware, [Aldric] chose to use Repetier, which he usually uses in his other printers.

The SLA resin he used is the Standard Blend Resin from Fun to Do Resins. These resins tend to release toxic airborne particles, so extra care should be taken to ventilate the area while printing and to clean up properly afterwards.

You can get a glimpse of the printer making a small gear come to life in the following video:


Santa Knows If Your Contact Form Uses PHPMailer < 5.2.18

PHPMailer, one of the most used classes for sending emails from within PHP, has a serious vulnerability in versions prior to 5.2.18 (the current version). The security researcher [Dawid Golunski] just published a limited advisory stating that PHPMailer suffers from a critical flaw that might allow an attacker to achieve remote code execution in the context of the web server user. PHPMailer is used by several open-source projects, among them WordPress, Drupal, 1CRM, SugarCRM, Yii and Joomla. A fix has been issued and PHPMailer is urging all users to upgrade their systems.

To trigger this vulnerability (CVE-2016-10033), it seems that the attacker only has to make the web application send out an email using the vulnerable PHPMailer class. Depending on the application itself, this can be accomplished in different ways, such as contact/feedback forms, registration forms, password reset emails and so on.

Upon a quick diff analysis, we found that the vulnerable code seems to lie in the following lines of class.phpmailer.php:


IKEA Table 3D Printer

In this Instructable, [Wayne Mason-Drust] shares a step-by-step guide on how to make a cool, good-looking 3D printer based on the Ikea LACK table. From an Ikea lantern weather station to a fully printed CNC based on an Ikea table, it’s almost safe to say that a 3D printer Ikea hack was overdue.

The idea to use an Ikea table as a base for a 3D printer first came to [Wayne] as he used this table to support another 3D printer he had working in his business. He realized that, even after five years of use, the table showed no signs of wear or distortion. So he decided to start work on a 3D printer based on that very table, the one that used to hold the printer.

[Wayne] stacked two together and named it Printtable (pun intended?). This open source, Cartesian RepRap 3D printer looks pretty slick. With a build area of 340 mm x 320 mm and 300 mm on the Z axis, and a price tag for the parts starting as low as $395, it seems like a pretty decent 3D printer. With some work sourcing the parts, maybe it can be even lower.

Or we can just wait until Ikea starts selling them.


Reliably Exploiting Apport in Ubuntu

[Donncha O’Cearbhaill] has successfully exploited two flaws in Apport, the crash report mechanism in Ubuntu. Apport is installed by default in all Ubuntu Desktop installations >= 12.10 (Quantal). Inspired by [Chris Evans]’s work on exploiting 6502 processor opcodes on the NES, [Donncha] describes the whole process of finding and exploiting a 0-day on a modern Linux system.

One of the flaws, tracked as CVE-2016-9949, relies on a Python code injection in the crash file. Apport blindly uses the Python eval() function on an unsanitized field (CrashDB) inside the .crash file. This leads directly to arbitrary Python code execution. The other flaw, tracked as CVE-2016-9950, takes advantage of a path traversal and the execution of arbitrary Python scripts outside the system hook_dirs. The problem arises when another field (Package) from the crash report file is used without sanitizing when building a path to the package hook files.

CVE-2016-9949 is easily exploitable: if an attacker can trick a user into opening a specially crafted file (an Apport .crash file), the attacker can execute the Python code of his/her choice. Two details make it a very interesting exploit.

The first thing to note is the exploit’s reliability. Given that it is pure python code execution, an attacker doesn’t have to worry about ASLR, Non-Exec Memory, Stack Canaries and other security features that Ubuntu ships by default. As the author notes:

“There are lots of bugs out there which don’t need hardcore memory corruption exploitation skills. Logic bugs can be much more reliable than any ROP chain.”

Another interesting detail is that the exploit file doesn’t need to have the .crash extension: as long as its content starts with the string “ProblemType: ” and the file extension is not already associated with other software, Ubuntu treats it as mime-type type=”text/x-apport” (for example, .ZlP or .0DF). This significantly improves the chances of an unsuspecting user being fooled into opening the file.
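To make the two bug classes and the mime-sniffing detail concrete from the defender’s side, here is an added illustration (not Apport’s code, and not from [Donncha]’s write-up): a minimal parser for the “Key: value” report format, a literal-only replacement for eval() on the CrashDB field, a package-name check before the hook path is built, and a check that flags a file Apport would treat as a report despite its extension. The sample report and the hook directory path are constructed assumptions.

```python
import ast
import os
import re

# Constructed sample report, not a real Apport crash file: the "ProblemType: "
# header Apport sniffs for plus the two fields the post discusses.
SAMPLE_REPORT = """ProblemType: Crash
Package: hello-world 1.0
CrashDB: {'impl': 'memory', 'bug_pattern_url': None}
"""

HOOK_DIR = "/usr/share/apport/package-hooks"        # assumed hook directory
PACKAGE_RE = re.compile(r"^[a-z0-9][a-z0-9+.-]+$")  # Debian package-name shape

def parse_report(text):
    """Parse 'Key: value' lines into a dict (simplified: no multi-line values)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def crashdb_safe(field):
    """Replace eval() on the CrashDB field (the CVE-2016-9949 pattern) with a
    literal-only parser: names, calls and operators all fail to parse."""
    try:
        value = ast.literal_eval(field)
    except (ValueError, SyntaxError):
        raise ValueError("CrashDB is not a plain literal")
    if not isinstance(value, dict):
        raise ValueError("CrashDB must be a dict literal")
    return value

def hook_path_safe(package_field, hook_dir=HOOK_DIR):
    """Hook path for 'Package: name version', validating the name before it is
    joined so it cannot traverse out of hook_dir (the CVE-2016-9950 pattern)."""
    tokens = package_field.split()
    name = tokens[0] if tokens else ""
    if not PACKAGE_RE.match(name):
        raise ValueError("invalid package name: %r" % name)
    path = os.path.normpath(os.path.join(hook_dir, name + ".py"))
    if os.path.dirname(path) != os.path.normpath(hook_dir):
        raise ValueError("hook path escapes the hook directory")
    return path

def is_disguised_report(filename, text):
    """Flag a file Apport would treat as a report despite a non-.crash extension."""
    return text.startswith("ProblemType: ") and not filename.endswith(".crash")
```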
