Metasploit mailing list archives
Re: [enhancement+question] Oracle 10gR2 TNS Listener AUTH_SESSKEY Buffer Overflow
From: "Joshua J. Drake" <jdrake () metasploit com>
Date: Wed, 11 Jan 2012 16:48:51 -0600
On Wed, Jan 11, 2012 at 08:55:29AM +0100, Lukas Kuzmiak wrote:
> After reviewing the exploit I discovered there's a hardcoded SID, ORCL; however, this may not exist on every Oracle system, so here's a tiny patch to turn it into an option. Can someone merge it please (if considered useful)?
Thanks again for your patch. Much of that exploit is hardcoded.
> However, even after disabling DEP the exploit never finishes as it's supposed to; after the call to kpoauth, oracle.exe just ends up crashing like: Access violation when reading [644B566A]. I haven't yet managed to look into this, but I'm going to, keeping this bug in mind: http://dev.metasploit.com/redmine/issues/812
I'm guessing this is due to slight version mismatch with what the exploit was developed against. If you can create a target for your version we'd be happy to add it to the exploit.
> I wanted to ask if there's some more generic way to bypass DEP in Metasploit already, or if there's a recommended approach. I'd like to try implementing it in the module once I dig into it while debugging the issue mentioned above.
As far as I know, there still is not any generic DEP implementation within the framework. It's sort of an odd cat to skin. That is, it doesn't necessarily fit well any specific place within the framework's design... Hopefully before too long something will happen and we'll get something in =)

-- Joshua J. Drake