Metasploit mailing list archives
Metasploit Framework TMT 2007 hdDay exploit
From: jerome.athias at free.fr (Jerome Athias)
Date: Wed, 25 Jul 2007 22:07:07 +0200
*** JA Security Advisory ***

JA Advisory: JA20070810 (Pre-release) v1.0
Revision $4444$

*** Title: Metasploit Framework Team Birthday Beerflow Vulnerability ***

Critical: Extremely Critical (drinking bout)
Impact: Ton of alcohol
Where: From everywhere (and especially from Texas)
Solution Status: None available
Product affected: The Metasploit Team (TMT) version 2007
Vendor: The Metasploit Team
CVE reference: None yet

Disclosure timeline:
20070725: Full Disclosure
200708??: Full technical details will be released

Vendor contacted: NO (it's full disclosure with black evil in mind ;)

Description:
A vulnerability has been discovered in The Metasploit Team (TMT), which can be exploited by malicious people to compromise a vulnerable team member.

The vulnerability is caused due to the improper call to the Birthday() method in the HDM module of the TMT, which allows loading of arbitrary happy birthdays. This can be exploited to e.g. execute arbitrary pay-me-a-beer when a user visits a malicious bar. It could also lead to BBP (Big Birthday Party) & rock'n roll all night long with infinite tequila loop...

The vulnerability affects the following product:
* The Metasploit Team (TMT) version 2007, HDM package

Solution:
We are not aware of any solution yet. The vendor recommends to send your gifts by air mail to avoid mega drunk crashes.

*Provided and/or discovered by*:
Discovered by Jerome Athias and reported via MSF Labs' security mailing-list.

*Original Advisory*:
JA: (this mail)

*Extended Solution*:
The "Extended Solution" section is available for HDM's friends only. Request a trial and get access to the HD's Friends Area and Extended HD's brownies.

More information should be provided next week...

/JA