fix a few stack bof vulnerability descriptions

git-svn-id: file:///home/svn/framework3/trunk@10660 4d416f70-5f16-0410-b530-b9f4589650da
2010-10-12 18:39:21 +00:00 · 2010-10-12 18:39:21 +00:00 · e0e4aebcc1
parent ad4064ed20
commit e0e4aebcc1
12 changed files with 48 additions and 44 deletions
--- a/modules/exploits/windows/fileformat/digital_music_pad_pls.rb
+++ b/modules/exploits/windows/fileformat/digital_music_pad_pls.rb
@ -19,7 +19,7 @@ class Metasploit3 < Msf::Exploit::Remote

 	def initialize(info = {})
 		super(update_info(info,
-			'Name' => 'Digital Music Pad Version 8.2.3.3.4 SEH overflow',
+			'Name' => 'Digital Music Pad Version 8.2.3.3.4 Stack Buffer Overflow',
 			'Description' => %q{
 					This module exploits a buffer overflow in Digital Music Pad Version 8.2.3.3.4
 				When opening a malicious pls file with the Digital Music Pad,
--- a/modules/exploits/windows/ftp/aasync_list_reply.rb
+++ b/modules/exploits/windows/ftp/aasync_list_reply.rb
@ -17,7 +17,9 @@ class Metasploit3 < Msf::Exploit::Remote
 		super(update_info(info,
 			'Name'           => 'AASync v2.2.1.0 (Win32) Stack Buffer Overflow (LIST)',
 			'Description'    => %q{
-					This module exploits a stack buffer overflow in AASync v2.2.1.0, triggered when processing the response on a LIST command. During the overflow, a structured exception handler record gets overwritten.
+					This module exploits a stack buffer overflow in AASync v2.2.1.0, triggered when
+				processing the response on a LIST command. During the overflow, a structured exception
+				handler record gets overwritten.
 			},
 			'Author' 	 =>
 				[
--- a/modules/exploits/windows/ftp/filewrangler_list_reply.rb
+++ b/modules/exploits/windows/ftp/filewrangler_list_reply.rb
@ -16,11 +16,11 @@ class Metasploit3 < Msf::Exploit::Remote

 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'FileWrangler 5.30 Buffer Overflow',
+			'Name'           => 'FileWrangler 5.30 Stack Buffer Overflow',
 			'Description'    => %q{
-					This module exploits an SEH overwrite in the FileWrangler client
-					that is triggered when the client connects to a FTP server and lists
-					the directory contents, containing an overly long directory name..
+					This module exploits a buffer overflow in the FileWrangler client
+				that is triggered when the client connects to a FTP server and lists
+				the directory contents, containing an overly long directory name.
 			},
 			'Author' 	 =>
 				[
--- a/modules/exploits/windows/ftp/ftpgetter_pwd_reply.rb
+++ b/modules/exploits/windows/ftp/ftpgetter_pwd_reply.rb
@ -18,8 +18,10 @@ class Metasploit3 < Msf::Exploit::Remote
 		super(update_info(info,
 			'Name'           => 'FTPGetter Standard v3.55.0.05 Stack Buffer Overflow (PWD)',
 			'Description'    => %q{
-					This module exploits a SEH overflow in FTPGetter Standard v3.55.0.05 ftp client, triggered
-				when processing the response on a PWD command.
+					This module exploits a buffer overflow in FTPGetter Standard v3.55.0.05 ftp client.
+				When processing the response on a PWD command, a stack based buffer overflow occurs.
+				This leads to arbitrary code execution when a structured exception handler gets 
+				overwritten.
 			},
 			'Author' 	 =>
 				[
--- a/modules/exploits/windows/ftp/ftppad_list_reply.rb
+++ b/modules/exploits/windows/ftp/ftppad_list_reply.rb
@ -17,14 +17,13 @@ class Metasploit3 < Msf::Exploit::Remote
 		super(update_info(info,
 			'Name'           => 'FTPPad 1.2.0 Stack Buffer Overflow',
 			'Description'    => %q{
-					This module exploits a stack buffer overflow FTPPad 1.2.0 ftp client.
-					The overflow is triggered when the client connects to a FTP server
-					which sends an overly long directory and filename in response to a
-					LIST command.
-					This will cause an access violation, and will eventually overwrite the
-					saved extended instruction pointer.
-					Payload can be found at EDX+5c and ESI+5c, so a little pivot/sniper was needed
-					to make this one work.
+					This module exploits a stack buffer overflow FTPPad 1.2.0 ftp client. The overflow is
+				triggered when the client connects to a FTP server which sends an overly long directory
+				and filename in response to a LIST command.
+
+				This will cause an access violation, and will eventually overwrite the saved extended 
+				instruction pointer.  Payload can be found at EDX+5c and ESI+5c, so a little pivot/
+				sniper was needed to make this one work.
 			},
 			'Author' 	 =>
 				[
--- a/modules/exploits/windows/ftp/ftpshell51_pwd_reply.rb
+++ b/modules/exploits/windows/ftp/ftpshell51_pwd_reply.rb
@ -17,9 +17,10 @@ class Metasploit3 < Msf::Exploit::Remote
 	def initialize(info = {})
 		super(update_info(info,
 			'Name'           => 'FTPShell 5.1 Stack Buffer Overflow',
-			'Description'    => %q{	This module exploits a stack buffer overflow in FTPShell 5.1. The overflow gets
-							triggered when the ftp clients tries to process an overly response to a PWD command.
-							This will overwrite the saved EIP and structured exception handler.
+			'Description'    => %q{
+					This module exploits a stack buffer overflow in FTPShell 5.1. The overflow gets
+				triggered when the ftp clients tries to process an overly response to a PWD command.
+				This will overwrite the saved EIP and structured exception handler.
 			},
 			'Author' 	 =>
 				[
--- a/modules/exploits/windows/ftp/ftpsynch_list_reply.rb
+++ b/modules/exploits/windows/ftp/ftpsynch_list_reply.rb
@ -15,14 +15,14 @@ class Metasploit3 < Msf::Exploit::Remote

 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'FTP Synchronizer Professional 4.0.73.274',
-			'Description'    => %q{	This module exploits a stack buffer overflow vulnerability in
-							FTP Synchronizer Pro 4.0.73.274
-							The overflow gets triggered by sending an overly long filename to the client
-							in response to a LIST command.
-							The LIST command gets issued when doing a preview or when you have just created a new
-							sync profile and allow the tool to see the differences.
-							This will overwrite a structured exception handler and trigger an access violation.
+			'Name'           => 'FTP Synchronizer Professional 4.0.73.274 Stack Buffer Overflow',
+			'Description'    => %q{
+					This module exploits a stack buffer overflow vulnerability in FTP Synchronizer Pro 
+				version 4.0.73.274 The overflow gets triggered by sending an overly long filename to 
+				the client in response to a LIST command.
+				The LIST command gets issued when doing a preview or when you have just created a new
+				sync profile and allow the tool to see the differences.
+				This will overwrite a structured exception handler and trigger an access violation.
 			},
 			'Author' 	 =>
 				[
@ -51,7 +51,6 @@ class Metasploit3 < Msf::Exploit::Remote
 			'Privileged'     => false,
 			'DisclosureDate' => 'Oct 12 2010',
 			'DefaultTarget'  => 0))
-
 	end

 	def setup
--- a/modules/exploits/windows/ftp/gekkomgr_list_reply.rb
+++ b/modules/exploits/windows/ftp/gekkomgr_list_reply.rb
@ -16,12 +16,11 @@ class Metasploit3 < Msf::Exploit::Remote

 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Gekko Manager FTP Client Stack Buffer Overflow ',
+			'Name'           => 'Gekko Manager FTP Client Stack Buffer Overflow',
 			'Description'    => %q{
-					This module exploits a SEH overflow in Gekko Manager ftp client, triggered when
-					processing the response received after sending a LIST request.
-					If this response contains a long filename, a buffer overflow occurs, overwriting
-					a structured exception handler.
+					This module exploits a buffer overflow in Gekko Manager ftp client, triggered when
+				processing the response received after sending a LIST request. If this response contains
+				a long filename, a buffer overflow occurs, overwriting a structured exception handler.
 			},
 			'Author' 	 =>
 				[
--- a/modules/exploits/windows/ftp/leapftp_list_reply.rb
+++ b/modules/exploits/windows/ftp/leapftp_list_reply.rb
@ -17,10 +17,10 @@ class Metasploit3 < Msf::Exploit::Remote

 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'LeapFTP 3.0.1. SEH Overwrite',
+			'Name'           => 'LeapFTP 3.0.1 Stack Buffer Overflow',
 			'Description'    => %q{
-					This module exploits a SEH overwrite in the LeapFTP 3.0.1 client
-					triggered when a file with a long name is downloaded/opened.
+					This module exploits a buffer overflow in the LeapFTP 3.0.1 client.
+				This issue is triggered when a file with a long name is downloaded/opened.
 			},
 			'Author' 	 =>
 				[
--- a/modules/exploits/windows/ftp/odin_list_reply.rb
+++ b/modules/exploits/windows/ftp/odin_list_reply.rb
@ -18,7 +18,9 @@ class Metasploit3 < Msf::Exploit::Remote
 		super(update_info(info,
 			'Name'           => 'Odin Secure FTP 4.1 Stack Buffer Overflow (LIST)',
 			'Description'    => %q{
-					This module exploits a stack buffer overflow in Odin Secure FTP 4.1, triggered when processing the response on a LIST command. During the overflow, a structured exception handler record gets overwritten.
+					This module exploits a stack buffer overflow in Odin Secure FTP 4.1,
+				triggered when processing the response on a LIST command. During the overflow,
+				a structured exception handler record gets overwritten.
 			},
 			'Author' 	 =>
 				[
--- a/modules/exploits/windows/ftp/seagull_list_reply.rb
+++ b/modules/exploits/windows/ftp/seagull_list_reply.rb
@ -16,12 +16,12 @@ class Metasploit3 < Msf::Exploit::Remote

 	def initialize(info = {})
 		super(update_info(info,
-			'Name'           => 'Seagull FTP v3.3 build 409 Client',
+			'Name'           => 'Seagull FTP v3.3 build 409 Stack Buffer Overflow',
 			'Description'    => %q{
-					This module exploits a SEH overwrite in the Seagull FTP client that gets triggered
-					when the ftp clients processes a response to a LIST command. If the response contains
-					an overly long file/folder name, a buffer overflow occurs, overwriting a structured
-					exception handler..
+					This module exploits a buffer overflow in the Seagull FTP client that gets 
+				triggered when the ftp clients processes a response to a LIST command. If the
+				response contains an overly long file/folder name, a buffer overflow occurs, 
+				overwriting a structured exception handler.
 			},
 			'Author' 	 =>
 				[
@ -53,7 +53,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			'DefaultTarget'  => 0))
 	end

-		#---------------------------------------------------------------------------------
+	#---------------------------------------------------------------------------------

 	def setup
 		super
--- a/modules/exploits/windows/http/hp_nnm_ovas.rb
+++ b/modules/exploits/windows/http/hp_nnm_ovas.rb
@ -25,7 +25,7 @@ class Metasploit3 < Msf::Exploit::Remote

 	def initialize(info = {})
 		super(update_info(info,
-			'Name'	=> 'HP OpenView NNM 7.53, 7.51 OVAS.EXE Pre-Authentication SEH Overflow',
+			'Name'	=> 'HP OpenView NNM 7.53, 7.51 OVAS.EXE Pre-Authentication Stack Buffer Overflow',
 			'Description'	=> %q{
 					This module exploits a stack buffer overflow in HP OpenView Network Node Manager versions 7.53 and earlier.
 				Specifically this vulnerability is caused by a failure to properly handle user supplied input within the