• Wireshark CLDAP Dissector DOS
    Disclosure Date: 2011-03-01
    First seen: 2020-04-26
    auxiliary/dos/wireshark/cldap
    This module causes infinite recursion to occur within the CLDAP dissector by sending a specially crafted UDP packet. Authors: - joernchen <joernchen@phenoelit.de> (Phenoelit)
  • Wireshark LWRES Dissector getaddrsbyname_request Buffer Overflow
    Disclosure Date: 2010-01-27
    First seen: 2020-04-26
    exploit/multi/misc/wireshark_lwres_getaddrbyname
    The LWRES dissector in Wireshark versions 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allows remote attackers to execute arbitrary code due to a stack-based buffer overflow. This bug was found and reported by babi. This particular exploit targets the dissect_getaddrsbyname_request function. Several other functions also contain potentially exploitable stack-based buffer overflows. The Windows version (of 1.2.5 at least) is compiled with /GS, which prevents exploitation via the return address on the stack. Sending a larger string allows exploitation using the SEH bypass method. However, this packet will usually get fragmented, which may cause additional complications. NOTE: The vulnerable code is reached only when the packet dissection is rendered. If the packet is fragmented, all fragments must be captured and reassembled to exploit this issue. Authors: - babi - jduck <jduck@metasploit.com> - redsand
  • Wireshark LWRES Dissector getaddrsbyname_request Buffer Overflow (loop)
    Disclosure Date: 2010-01-27
    First seen: 2020-04-26
    exploit/multi/misc/wireshark_lwres_getaddrbyname_loop
    The LWRES dissector in Wireshark versions 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allows remote attackers to execute arbitrary code due to a stack-based buffer overflow. This bug was found and reported by babi. This particular exploit targets the dissect_getaddrsbyname_request function. Several other functions also contain potentially exploitable stack-based buffer overflows. The Windows version (of 1.2.5 at least) is compiled with /GS, which prevents exploitation via the return address on the stack. Sending a larger string allows exploitation using the SEH bypass method. However, this packet will usually get fragmented, which may cause additional complications. NOTE: The vulnerable code is reached only when the packet dissection is rendered. If the packet is fragmented, all fragments must be captured and reassembled to exploit this issue. This version loops, sending the packet every X seconds until the job is killed. Authors: - babi - jduck <jduck@metasploit.com> - redsand
3 Metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit the Metasploit website for more details.