dnrops
/
metasploit-framework
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Modified for 8-space tabs

This commit is contained in:
Carsten Maartmann-Moe 2012-04-08 16:09:28 -04:00
parent 89c1894e07
commit ce0de02a2a
1 changed files with 17 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
modules/exploits/windows/ids/snort_dce_rpc.rb
View File

@ -19,12 +19,12 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'Stack-based buffer overflow in the DCE/RPC preprocessor in Snort', 'Name' => 'Stack-based buffer overflow in the DCE/RPC preprocessor in Snort',
'Description' => %q{ 'Description' => %q{
This module allows remote attackers to execute arbitrary code exploiting the Snort This module allows remote attackers to execute arbitrary code exploiting the
service via crafted SMB traffic. The vulnerability is caused due to a boundary error Snort service via crafted SMB traffic. The vulnerability is caused due to a boundary
within the DCE/RPC preprocessor when reassembling SMB Write AndX requests. This can error within the DCE/RPC preprocessor when reassembling SMB Write AndX requests. This
be exploited to cause a stack-based buffer overflow via a specially crafted packet can be exploited to cause a stack-based buffer overflow via a specially crafted packet
sent on a network that is monitored by Snort. sent on a network that is monitored by Snort.
Vulnerable versions include Snort 2.6.1, 2.7 Beta 1 and SourceFire IDS 4.1, 4.5 and 4.6. Vulnerable versions include Snort 2.6.1, 2.7 Beta 1 and SourceFire IDS 4.1, 4.5 and 4.6.
@ -34,27 +34,24 @@ class Metasploit3 < Msf::Exploit::Remote
Original discovery by Neel Mehta, IBM Internet Security Systems X-Force. Original discovery by Neel Mehta, IBM Internet Security Systems X-Force.
}, },
'Author' => 'Author' => [ 'Carsten Maartmann-Moe <carsten@carmaa.com>' ],
[ 'License' => MSF_LICENSE,
'Carsten Maartmann-Moe <carsten@carmaa.com>' 'Version' => '$Revision$',
], 'Platform' => 'win',
'License' => MSF_LICENSE,
'Version' => '$Revision$',
'Platform' => 'win',
'References' => 'References' =>
[ [
[ 'OSVDB', '67988' ], [ 'OSVDB', '67988' ],
[ 'CVE', 'CVE-2006-5276' ], [ 'CVE', 'CVE-2006-5276' ],
[ 'URL', 'http://downloads.securityfocus.com/vulnerabilities/exploits/22616-linux.py'] [ 'URL', 'http://downloads.securityfocus.com/vulnerabilities/exploits/22616-linux.py']
], ],
'DefaultOptions' => 'DefaultOptions'=>
{ {
'EXITFUNC' => 'thread', 'EXITFUNC' => 'thread',
}, },
'Payload' => 'Payload' =>
{ {
'Space' => 390, 'Space' => 390,
'BadChars' => "\x00", 'BadChars' => "\x00",
'DisableNops' => true, 'DisableNops' => true,
}, },
'Targets' => 'Targets' =>
@ -66,9 +63,9 @@ class Metasploit3 < Msf::Exploit::Remote
} }
], ],
], ],
'Privileged' => true, 'Privileged' => true,
'DisclosureDate' => 'Feb 19 2007', 'DisclosureDate'=> 'Feb 19 2007',
'DefaultTarget' => 0)) 'DefaultTarget' => 0))
register_options( register_options(
[ [