Metasploit mailing list archives
Re: cve-2010-1799
From: "Joshua J. Drake" <jdrake () metasploit com>
Date: Tue, 17 Aug 2010 17:14:51 -0500
On Tue, Aug 17, 2010 at 11:52:41AM -0600, Craig Freyman wrote:
I'm having problems with the cve-2010-1799 exploit:

[-] Exception handling request: Connection reset by peer
/opt/metasploit3/msf3/lib/rex/io/stream.rb:44:in `syswrite'
/opt/metasploit3/msf3/lib/rex/io/stream.rb:44:in `write'
/opt/metasploit3/msf3/lib/rex/io/stream.rb:138:in `timed_write'
/opt/metasploit3/msf3/lib/rex/io/stream.rb:169:in `put'
/opt/metasploit3/msf3/lib/rex/proto/http/server.rb:44:in `send_response'
/opt/metasploit3/msf3/lib/msf/core/exploit/http/server.rb:293:in `send_response'
(eval):119:in `on_request_uri'
/opt/metasploit3/msf3/lib/msf/core/exploit/http/server.rb:102
/opt/metasploit3/msf3/lib/rex/proto/http/handler/proc.rb:37:in `call'
/opt/metasploit3/msf3/lib/rex/proto/http/handler/proc.rb:37:in `on_request'
/opt/metasploit3/msf3/lib/rex/proto/http/server.rb:347:in `dispatch_request'
/opt/metasploit3/msf3/lib/rex/proto/http/server.rb:286:in `on_client_data'
/opt/metasploit3/msf3/lib/rex/proto/http/server.rb:143
/opt/metasploit3/msf3/lib/rex/io/stream_server.rb:45:in `call'
/opt/metasploit3/msf3/lib/rex/io/stream_server.rb:45:in `on_client_data'
/opt/metasploit3/msf3/lib/rex/io/stream_server.rb:182:in `monitor_clients'
/opt/metasploit3/msf3/lib/rex/io/stream_server.rb:180:in `each'
/opt/metasploit3/msf3/lib/rex/io/stream_server.rb:180:in `monitor_clients'
/opt/metasploit3/msf3/lib/rex/io/stream_server.rb:69:in `start'
/opt/metasploit3/msf3/lib/rex/io/stream_server.rb:68:in `initialize'
/opt/metasploit3/msf3/lib/rex/io/stream_server.rb:68:in `new'
/opt/metasploit3/msf3/lib/rex/io/stream_server.rb:68:in `start'
/opt/metasploit3/msf3/lib/rex/proto/http/server.rb:146:in `start'
/opt/metasploit3/msf3/lib/rex/service_manager.rb:80:in `start'
/opt/metasploit3/msf3/lib/rex/service_manager.rb:24:in `start'
/opt/metasploit3/msf3/lib/msf/core/exploit/http/server.rb:85:in `start_service'
/opt/metasploit3/msf3/lib/msf/core/exploit/tcp.rb:307:in `exploit'
/opt/metasploit3/msf3/lib/msf/core/exploit_driver.rb:201:in `job_run_proc'
/opt/metasploit3/msf3/lib/msf/core/exploit_driver.rb:148
/opt/metasploit3/msf3/lib/rex/job_container.rb:36:in `call'
/opt/metasploit3/msf3/lib/rex/job_container.rb:36:in `start'
/opt/metasploit3/msf3/lib/rex/job_container.rb:31:in `initialize'
/opt/metasploit3/msf3/lib/rex/job_container.rb:31:in `new'
/opt/metasploit3/msf3/lib/rex/job_container.rb:31:in `start'
/opt/metasploit3/msf3/lib/rex/job_container.rb:155:in `start_bg_job'
/opt/metasploit3/msf3/lib/msf/core/exploit_driver.rb:145:in `run'
/opt/metasploit3/msf3/lib/msf/base/simple/exploit.rb:125:in `exploit_simple'
/opt/metasploit3/msf3/lib/msf/base/simple/exploit.rb:147:in `exploit_simple'
/opt/metasploit3/msf3/lib/msf/ui/console/command_dispatcher/exploit.rb:145:in `cmd_exploit'
/opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:246:in `send'
/opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:246:in `run_command'
/opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:208:in `run_single'
/opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:202:in `each'
/opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:202:in `run_single'
/opt/metasploit3/msf3/lib/rex/ui/text/shell.rb:141:in `run'
/usr/local/bin/msfconsole:117
[*] Sending Apple QuickTime 7.6.6 Invalid SMIL URI Buffer Overflow exploit to 192.168.1.127:2161...
[*] Trying target Apple QuickTime Player 7.6.6...
[*] Sending Apple QuickTime 7.6.6 Invalid SMIL URI Buffer Overflow init HTML to 192.168.1.127:2165...
[*] Sending Apple QuickTime 7.6.6 Invalid SMIL URI Buffer Overflow exploit to 192.168.1.127:2167...
[*] Trying target Apple QuickTime Player 7.6.6...
[-] Exception handling request: Connection reset by peer

Looks like the client is disconnecting before reading the response from the server. It shouldn't really be any cause for concern. The error message does seem a bit verbose tho...

Perhaps the client machine is patched. Or maybe it's not really a browser? Could even be AV or something else in between tearing down the connection...

--
Joshua J. Drake
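
The condition discussed in this thread, a peer that tears the connection down before the server writes its response, reproduced over loopback as an added example (not part of the original thread and not Metasploit's code). The names write_response and demo are hypothetical, and the response body is constructed sample data; the handler reports the reset as a one-line status instead of a full backtrace.

```ruby
require 'socket'

# Hypothetical helper: write the response and report a vanished peer as a
# one-line status instead of letting the exception surface with a backtrace.
def write_response(sock, body)
  sock.syswrite(body)
  :sent
rescue Errno::ECONNRESET, Errno::EPIPE, Errno::ECONNABORTED => e
  # A reset here means the peer (browser, proxy, AV, ...) dropped the
  # connection before we wrote; it says nothing about the server's health.
  warn "[-] client went away before reading the response (#{e.class})"
  :client_gone
ensure
  sock.close unless sock.closed?
end

# Loopback demonstration with a constructed response. When client_aborts is
# true the client closes with SO_LINGER set to zero, so the kernel sends RST
# rather than FIN, the same condition the server-side trace reports.
def demo(client_aborts)
  server = TCPServer.new('127.0.0.1', 0)
  client = TCPSocket.new('127.0.0.1', server.addr[1])
  conn = server.accept
  if client_aborts
    client.setsockopt(Socket::Option.linger(true, 0))
    client.close
    sleep 0.2 # give the RST time to reach the server-side socket
  end
  result = write_response(conn, "HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok")
  client.close unless client.closed?
  server.close
  result
end

if __FILE__ == $PROGRAM_NAME
  puts "aborting client: #{demo(true)}"
  puts "normal client:   #{demo(false)}"
end
```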