fix a few stack bof vulnerability descriptions

git-svn-id: file:///home/svn/framework3/trunk@10660 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Joshua Drake 2010-10-12 18:39:21 +00:00
parent ad4064ed20
commit e0e4aebcc1
12 changed files with 48 additions and 44 deletions


@ -19,7 +19,7 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'Digital Music Pad Version 8.2.3.3.4 SEH overflow', 'Name' => 'Digital Music Pad Version 8.2.3.3.4 Stack Buffer Overflow',
'Description' => %q{ 'Description' => %q{
This module exploits a buffer overflow in Digital Music Pad Version 8.2.3.3.4 This module exploits a buffer overflow in Digital Music Pad Version 8.2.3.3.4
When opening a malicious pls file with the Digital Music Pad, When opening a malicious pls file with the Digital Music Pad,
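Review bot: The first sentence of 'Description' still has no terminating period, so "Digital Music Pad Version 8.2.3.3.4" runs straight into "When opening a malicious pls file". Since this commit is a description cleanup, add the period here too. The body also says only "buffer overflow" while the new 'Name' says "Stack Buffer Overflow"; "stack buffer overflow" would keep the two consistent.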


@ -17,7 +17,9 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info, super(update_info(info,
'Name' => 'AASync v2.2.1.0 (Win32) Stack Buffer Overflow (LIST)', 'Name' => 'AASync v2.2.1.0 (Win32) Stack Buffer Overflow (LIST)',
'Description' => %q{ 'Description' => %q{
This module exploits a stack buffer overflow in AASync v2.2.1.0, triggered when processing the response on a LIST command. During the overflow, a structured exception handler record gets overwritten. This module exploits a stack buffer overflow in AASync v2.2.1.0, triggered when
processing the response on a LIST command. During the overflow, a structured exception
handler record gets overwritten.
}, },
'Author' => 'Author' =>
[ [


@ -16,11 +16,11 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'FileWrangler 5.30 Buffer Overflow', 'Name' => 'FileWrangler 5.30 Stack Buffer Overflow',
'Description' => %q{ 'Description' => %q{
This module exploits an SEH overwrite in the FileWrangler client This module exploits a buffer overflow in the FileWrangler client
that is triggered when the client connects to a FTP server and lists that is triggered when the client connects to a FTP server and lists
the directory contents, containing an overly long directory name.. the directory contents, containing an overly long directory name.
}, },
'Author' => 'Author' =>
[ [
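Review bot: The reworded first sentence of 'Description' drops the SEH detail with nothing replacing it: "an SEH overwrite" becomes "a buffer overflow", while other descriptions touched in this commit keep a sentence saying a structured exception handler gets overwritten. Suggest keeping that fact in a closing sentence and writing "stack buffer overflow" to match the new 'Name'. "a FTP server" on the following line should also read "an FTP server".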


@ -18,8 +18,10 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info, super(update_info(info,
'Name' => 'FTPGetter Standard v3.55.0.05 Stack Buffer Overflow (PWD)', 'Name' => 'FTPGetter Standard v3.55.0.05 Stack Buffer Overflow (PWD)',
'Description' => %q{ 'Description' => %q{
This module exploits a SEH overflow in FTPGetter Standard v3.55.0.05 ftp client, triggered This module exploits a buffer overflow in FTPGetter Standard v3.55.0.05 ftp client.
when processing the response on a PWD command. When processing the response on a PWD command, a stack based buffer overflow occurs.
This leads to arbitrary code execution when a structured exception handler gets
overwritten.
}, },
'Author' => 'Author' =>
[ [
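Review bot: In the added sentence "a stack based buffer overflow occurs", the compound modifier should be hyphenated ("stack-based"). The first sentence now says only "a buffer overflow" although 'Name' says "Stack Buffer Overflow", and "ftp client" is lower case while 'Name' uses "FTP"; aligning both would make the description consistent with the title.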


@ -17,14 +17,13 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info, super(update_info(info,
'Name' => 'FTPPad 1.2.0 Stack Buffer Overflow', 'Name' => 'FTPPad 1.2.0 Stack Buffer Overflow',
'Description' => %q{ 'Description' => %q{
This module exploits a stack buffer overflow FTPPad 1.2.0 ftp client. This module exploits a stack buffer overflow FTPPad 1.2.0 ftp client. The overflow is
The overflow is triggered when the client connects to a FTP server triggered when the client connects to a FTP server which sends an overly long directory
which sends an overly long directory and filename in response to a and filename in response to a LIST command.
LIST command.
This will cause an access violation, and will eventually overwrite the This will cause an access violation, and will eventually overwrite the saved extended
saved extended instruction pointer. instruction pointer. Payload can be found at EDX+5c and ESI+5c, so a little pivot/
Payload can be found at EDX+5c and ESI+5c, so a little pivot/sniper was needed sniper was needed to make this one work.
to make this one work.
}, },
'Author' => 'Author' =>
[ [
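Review bot: The rewrap breaks "pivot/sniper" across two lines ("so a little pivot/" then "sniper was needed"), which will read as "pivot/ sniper" once the %q{} text is whitespace-normalised; move the whole token onto one line. The first sentence is also still missing a preposition: "exploits a stack buffer overflow FTPPad 1.2.0 ftp client" should read "stack buffer overflow in the FTPPad 1.2.0 FTP client".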


@ -17,9 +17,10 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'FTPShell 5.1 Stack Buffer Overflow', 'Name' => 'FTPShell 5.1 Stack Buffer Overflow',
'Description' => %q{ This module exploits a stack buffer overflow in FTPShell 5.1. The overflow gets 'Description' => %q{
triggered when the ftp clients tries to process an overly response to a PWD command. This module exploits a stack buffer overflow in FTPShell 5.1. The overflow gets
This will overwrite the saved EIP and structured exception handler. triggered when the ftp clients tries to process an overly response to a PWD command.
This will overwrite the saved EIP and structured exception handler.
}, },
'Author' => 'Author' =>
[ [
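Review bot: The re-indented 'Description' carries over two wording errors unchanged in "triggered when the ftp clients tries to process an overly response to a PWD command": "overly response" is missing its adjective (presumably "overly long response") and "clients tries" has a number mismatch. Worth fixing in the same pass, since the hunk already rewrites every line of this block.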


@ -15,14 +15,14 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'FTP Synchronizer Professional 4.0.73.274', 'Name' => 'FTP Synchronizer Professional 4.0.73.274 Stack Buffer Overflow',
'Description' => %q{ This module exploits a stack buffer overflow vulnerability in 'Description' => %q{
FTP Synchronizer Pro 4.0.73.274 This module exploits a stack buffer overflow vulnerability in FTP Synchronizer Pro
The overflow gets triggered by sending an overly long filename to the client version 4.0.73.274 The overflow gets triggered by sending an overly long filename to
in response to a LIST command. the client in response to a LIST command.
The LIST command gets issued when doing a preview or when you have just created a new The LIST command gets issued when doing a preview or when you have just created a new
sync profile and allow the tool to see the differences. sync profile and allow the tool to see the differences.
This will overwrite a structured exception handler and trigger an access violation. This will overwrite a structured exception handler and trigger an access violation.
}, },
'Author' => 'Author' =>
[ [
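Review bot: Joining the lines of 'Description' leaves two sentences fused: "version 4.0.73.274 The overflow gets triggered" has no period after the version number, where the old text at least had a line break between them. Add the period after "4.0.73.274".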
@ -51,7 +51,6 @@ class Metasploit3 < Msf::Exploit::Remote
'Privileged' => false, 'Privileged' => false,
'DisclosureDate' => 'Oct 12 2010', 'DisclosureDate' => 'Oct 12 2010',
'DefaultTarget' => 0)) 'DefaultTarget' => 0))
end end
def setup def setup


@ -16,12 +16,11 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'Gekko Manager FTP Client Stack Buffer Overflow ', 'Name' => 'Gekko Manager FTP Client Stack Buffer Overflow',
'Description' => %q{ 'Description' => %q{
This module exploits a SEH overflow in Gekko Manager ftp client, triggered when This module exploits a buffer overflow in Gekko Manager ftp client, triggered when
processing the response received after sending a LIST request. processing the response received after sending a LIST request. If this response contains
If this response contains a long filename, a buffer overflow occurs, overwriting a long filename, a buffer overflow occurs, overwriting a structured exception handler.
a structured exception handler.
}, },
'Author' => 'Author' =>
[ [
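Review bot: The new 'Description' says "a buffer overflow" twice (in "exploits a buffer overflow in Gekko Manager ftp client" and again in "a buffer overflow occurs") and never says "stack", although 'Name' is "Gekko Manager FTP Client Stack Buffer Overflow". Suggest "stack buffer overflow" in the first sentence and rephrasing the second to avoid the repetition, for example "If this response contains a long filename, a structured exception handler is overwritten."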


@ -17,10 +17,10 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'LeapFTP 3.0.1. SEH Overwrite', 'Name' => 'LeapFTP 3.0.1 Stack Buffer Overflow',
'Description' => %q{ 'Description' => %q{
This module exploits a SEH overwrite in the LeapFTP 3.0.1 client This module exploits a buffer overflow in the LeapFTP 3.0.1 client.
triggered when a file with a long name is downloaded/opened. This issue is triggered when a file with a long name is downloaded/opened.
}, },
'Author' => 'Author' =>
[ [
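Review bot: Both 'Name' and 'Description' lose the SEH information here: "SEH Overwrite" and "a SEH overwrite" are replaced by "Stack Buffer Overflow" and "a buffer overflow", and no sentence about the structured exception handler is added back, unlike other modules changed in this commit. Suggest a closing sentence stating that a structured exception handler is overwritten, and "stack buffer overflow" in the body to match the new 'Name'.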


@ -18,7 +18,9 @@ class Metasploit3 < Msf::Exploit::Remote
super(update_info(info, super(update_info(info,
'Name' => 'Odin Secure FTP 4.1 Stack Buffer Overflow (LIST)', 'Name' => 'Odin Secure FTP 4.1 Stack Buffer Overflow (LIST)',
'Description' => %q{ 'Description' => %q{
This module exploits a stack buffer overflow in Odin Secure FTP 4.1, triggered when processing the response on a LIST command. During the overflow, a structured exception handler record gets overwritten. This module exploits a stack buffer overflow in Odin Secure FTP 4.1,
triggered when processing the response on a LIST command. During the overflow,
a structured exception handler record gets overwritten.
}, },
'Author' => 'Author' =>
[ [


@ -16,12 +16,12 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'Seagull FTP v3.3 build 409 Client', 'Name' => 'Seagull FTP v3.3 build 409 Stack Buffer Overflow',
'Description' => %q{ 'Description' => %q{
This module exploits a SEH overwrite in the Seagull FTP client that gets triggered This module exploits a buffer overflow in the Seagull FTP client that gets
when the ftp clients processes a response to a LIST command. If the response contains triggered when the ftp clients processes a response to a LIST command. If the
an overly long file/folder name, a buffer overflow occurs, overwriting a structured response contains an overly long file/folder name, a buffer overflow occurs,
exception handler.. overwriting a structured exception handler.
}, },
'Author' => 'Author' =>
[ [
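Review bot: The rewrapped 'Description' keeps the number mismatch in "when the ftp clients processes a response to a LIST command"; it should read "the FTP client processes". The first sentence also says only "a buffer overflow" while the new 'Name' says "Stack Buffer Overflow"; using "stack buffer overflow" there would match.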
@ -53,7 +53,7 @@ class Metasploit3 < Msf::Exploit::Remote
'DefaultTarget' => 0)) 'DefaultTarget' => 0))
end end
#--------------------------------------------------------------------------------- #---------------------------------------------------------------------------------
def setup def setup
super super


@ -25,7 +25,7 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {}) def initialize(info = {})
super(update_info(info, super(update_info(info,
'Name' => 'HP OpenView NNM 7.53, 7.51 OVAS.EXE Pre-Authentication SEH Overflow', 'Name' => 'HP OpenView NNM 7.53, 7.51 OVAS.EXE Pre-Authentication Stack Buffer Overflow',
'Description' => %q{ 'Description' => %q{
This module exploits a stack buffer overflow in HP OpenView Network Node Manager versions 7.53 and earlier. This module exploits a stack buffer overflow in HP OpenView Network Node Manager versions 7.53 and earlier.
Specifically this vulnerability is caused by a failure to properly handle user supplied input within the Specifically this vulnerability is caused by a failure to properly handle user supplied input within the