Metasploit mailing list archives
Re: Exploit module in metasploit
From: "Joshua J. Drake" <jdrake () metasploit com>
Date: Fri, 16 Apr 2010 11:29:07 -0500
On Fri, Apr 16, 2010 at 11:23:08AM -0300, David Guimaraes wrote:
I wonder if there is any module(or intend to make) in metasploit that exploits CVE-2007-3181 (Vulnerability in Firebird/Interbase). This vulnerability is a buffer overflow in Firebird SQL 2 (fbserver.exe) that allows remote attackers to execute arbitrary code. Despite being an old vulnerability (2007), in an old version (firebird < 2.0.1), there are still many unpatched machines. In a scanning pentest conducted in an organization through Nessus, I was able to locate several machines that has this vulnerability, however, I could not find any exploits. Any help is welcome. Thank you.
David, That CVE (2007-3181) is not currently on the TODO list. However, you may want to investigate the various InterBase modules, including http://www.metasploit.com/modules/exploit/linux/misc/ib_inet_connect .. From memory, those vulnerabilities in InterBase were due to a bundled version of the Firebird Database. I filed a ticket in the MSF Redmine to track clarifying etc. It is ticket #1706. -- Joshua J. Drake
Attachment:
_bin
Description:
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Exploit module in metasploit David Guimaraes (Apr 16)
- Re: Exploit module in metasploit Joshua J. Drake (Apr 16)
- Re: Exploit module in metasploit Ramon de Carvalho Valle (Apr 18)
- Re: Exploit module in metasploit Joshua J. Drake (Apr 16)