Land #18069, Handle LDAP UnbindRequest

Remote::JndiInjection: handle LDAP UnbindRequest
2023-06-12 09:53:38 -04:00 · 2023-06-12 09:53:38 -04:00 · 834ad18d28
parent 43003eefa8 668b72a4ca
commit 834ad18d28
2 changed files with 6 additions and 1 deletions
--- a/lib/msf/core/exploit/remote/jndi_injection.rb
+++ b/lib/msf/core/exploit/remote/jndi_injection.rb
@ -60,9 +60,12 @@ module Exploit::Remote::JndiInjection
               else
                 service.encode_ldap_response(pdu.message_i, 50, '', 'Not authenticated', Net::LDAP::PDU::SearchResult)
               end
+             when Net::LDAP::PDU::UnbindRequest
+               vprint_status("Client sent unbind request")
+               nil # close client, no response can be sent over unbound comm
             else
               vprint_status("Client sent unexpected request #{pdu.app_tag}")
-               client.close
+               nil # close client, can't handle the unknown
             end
      resp.nil? ? client.close : on_send_response(client, resp)
    rescue StandardError => e
--- a/lib/rex/proto/ldap/server.rb
+++ b/lib/rex/proto/ldap/server.rb
@ -182,6 +182,8 @@ module Rex
                     else
                       service.encode_ldap_response(pdu.message_id, 50, '', 'Not authenticated', Net::LDAP::PDU::SearchResult)
                     end
+                   when Net::LDAP::PDU::UnbindRequest
+                     nil # close client, no response can be sent over unbound comm
                   else
                     service.encode_ldap_response(
                       pdu.message_id,