Modified for 8-space tabs
This commit is contained in:
parent
89c1894e07
commit
ce0de02a2a
|
@ -19,12 +19,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
|
|
||||||
def initialize(info = {})
|
def initialize(info = {})
|
||||||
super(update_info(info,
|
super(update_info(info,
|
||||||
'Name' => 'Stack-based buffer overflow in the DCE/RPC preprocessor in Snort',
|
'Name' => 'Stack-based buffer overflow in the DCE/RPC preprocessor in Snort',
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module allows remote attackers to execute arbitrary code exploiting the Snort
|
This module allows remote attackers to execute arbitrary code exploiting the
|
||||||
service via crafted SMB traffic. The vulnerability is caused due to a boundary error
|
Snort service via crafted SMB traffic. The vulnerability is caused due to a boundary
|
||||||
within the DCE/RPC preprocessor when reassembling SMB Write AndX requests. This can
|
error within the DCE/RPC preprocessor when reassembling SMB Write AndX requests. This
|
||||||
be exploited to cause a stack-based buffer overflow via a specially crafted packet
|
can be exploited to cause a stack-based buffer overflow via a specially crafted packet
|
||||||
sent on a network that is monitored by Snort.
|
sent on a network that is monitored by Snort.
|
||||||
|
|
||||||
Vulnerable versions include Snort 2.6.1, 2.7 Beta 1 and SourceFire IDS 4.1, 4.5 and 4.6.
|
Vulnerable versions include Snort 2.6.1, 2.7 Beta 1 and SourceFire IDS 4.1, 4.5 and 4.6.
|
||||||
|
@ -34,27 +34,24 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
|
|
||||||
Original discovery by Neel Mehta, IBM Internet Security Systems X-Force.
|
Original discovery by Neel Mehta, IBM Internet Security Systems X-Force.
|
||||||
},
|
},
|
||||||
'Author' =>
|
'Author' => [ 'Carsten Maartmann-Moe <carsten@carmaa.com>' ],
|
||||||
[
|
'License' => MSF_LICENSE,
|
||||||
'Carsten Maartmann-Moe <carsten@carmaa.com>'
|
'Version' => '$Revision$',
|
||||||
],
|
'Platform' => 'win',
|
||||||
'License' => MSF_LICENSE,
|
|
||||||
'Version' => '$Revision$',
|
|
||||||
'Platform' => 'win',
|
|
||||||
'References' =>
|
'References' =>
|
||||||
[
|
[
|
||||||
[ 'OSVDB', '67988' ],
|
[ 'OSVDB', '67988' ],
|
||||||
[ 'CVE', 'CVE-2006-5276' ],
|
[ 'CVE', 'CVE-2006-5276' ],
|
||||||
[ 'URL', 'http://downloads.securityfocus.com/vulnerabilities/exploits/22616-linux.py']
|
[ 'URL', 'http://downloads.securityfocus.com/vulnerabilities/exploits/22616-linux.py']
|
||||||
],
|
],
|
||||||
'DefaultOptions' =>
|
'DefaultOptions'=>
|
||||||
{
|
{
|
||||||
'EXITFUNC' => 'thread',
|
'EXITFUNC' => 'thread',
|
||||||
},
|
},
|
||||||
'Payload' =>
|
'Payload' =>
|
||||||
{
|
{
|
||||||
'Space' => 390,
|
'Space' => 390,
|
||||||
'BadChars' => "\x00",
|
'BadChars' => "\x00",
|
||||||
'DisableNops' => true,
|
'DisableNops' => true,
|
||||||
},
|
},
|
||||||
'Targets' =>
|
'Targets' =>
|
||||||
|
@ -66,9 +63,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
],
|
],
|
||||||
'Privileged' => true,
|
'Privileged' => true,
|
||||||
'DisclosureDate' => 'Feb 19 2007',
|
'DisclosureDate'=> 'Feb 19 2007',
|
||||||
'DefaultTarget' => 0))
|
'DefaultTarget' => 0))
|
||||||
|
|
||||||
register_options(
|
register_options(
|
||||||
[
|
[
|
||||||
|
|
Loading…
Reference in New Issue