Wireshark CLDAP Dissector DOS
Disclosure Date: 2011-03-01
First seen: 2020-04-26
auxiliary/dos/wireshark/cldap
This module causes infinite recursion to occur within the CLDAP dissector by sending a specially crafted UDP packet.
Authors:
- joernchen <joernchen@phenoelit.de> (Phenoelit)

Wireshark LWRES Dissector getaddrsbyname_request Buffer Overflow
Disclosure Date: 2010-01-27
First seen: 2020-04-26
exploit/multi/misc/wireshark_lwres_getaddrbyname
The LWRES dissector in Wireshark versions 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allows remote attackers to execute arbitrary code due to a stack-based buffer overflow. This bug was found and reported by babi. This particular exploit targets the dissect_getaddrsbyname_request function. Several other functions also contain potentially exploitable stack-based buffer overflows. The Windows version (of 1.2.5 at least) is compiled with /GS, which prevents exploitation via the return address on the stack. Sending a larger string allows exploitation using the SEH bypass method. However, this packet will usually get fragmented, which may cause additional complications.
NOTE: The vulnerable code is reached only when the packet dissection is rendered. If the packet is fragmented, all fragments must be captured and reassembled to exploit this issue.
Authors:
- babi
- jduck <jduck@metasploit.com>
- redsand

Wireshark LWRES Dissector getaddrsbyname_request Buffer Overflow (loop)
Disclosure Date: 2010-01-27
First seen: 2020-04-26
exploit/multi/misc/wireshark_lwres_getaddrbyname_loop
The LWRES dissector in Wireshark versions 0.9.15 through 1.0.10 and 1.2.0 through 1.2.5 allows remote attackers to execute arbitrary code due to a stack-based buffer overflow. This bug was found and reported by babi. This particular exploit targets the dissect_getaddrsbyname_request function. Several other functions also contain potentially exploitable stack-based buffer overflows. The Windows version (of 1.2.5 at least) is compiled with /GS, which prevents exploitation via the return address on the stack. Sending a larger string allows exploitation using the SEH bypass method. However, this packet will usually get fragmented, which may cause additional complications.
NOTE: The vulnerable code is reached only when the packet dissection is rendered. If the packet is fragmented, all fragments must be captured and reassembled to exploit this issue. This version loops, sending the packet every X seconds until the job is killed.
Authors:
- babi
- jduck <jduck@metasploit.com>
- redsand

3 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.