Metasploit mailing list archives

Re: Exploit module in metasploit


From: Ramon de Carvalho Valle <ramon () metasploit com>
Date: Sun, 18 Apr 2010 22:19:19 -0300

The modules for InterBase only work for versions of InterBase, not
Firebird. I have not developed a module for CVE-2007-3181, however, the
modules for CVE-2007-5243 include the versions of Firebird vulnerable to
CVE-2007-3181 and probably can be used.

The following is the list of modules:

modules/exploit/windows/misc/fb_isc_attach_database
modules/exploit/windows/misc/fb_isc_create_database
modules/exploit/windows/misc/fb_svc_attach

-Ramon


Joshua Drake wrote:
From my memory, many of the vulnerabilities reported in InterBase were
due to a bundled version of Firebird. In those cases, the modules should
be for Firebird and simply reference InterBase as having bundled it.

Additionally, we should check whether we need to develop an exploit
for CVE-2007-3181 or if one of the other existing modules covers that case.



On 04/16/2010 01:29 PM, Joshua J. Drake wrote:
On Fri, Apr 16, 2010 at 11:23:08AM -0300, David Guimaraes wrote:
I wonder if there is any module (or intention to make one) in metasploit that
exploits CVE-2007-3181 (Vulnerability in Firebird/Interbase). This
vulnerability is a buffer overflow in Firebird SQL 2 (fbserver.exe) that
allows remote attackers to execute arbitrary code.

Despite being an old vulnerability (2007), in an old version (firebird <
2.0.1), there are still many unpatched machines. In a scanning pentest
conducted in an organization through Nessus, I was able to locate several
machines that have this vulnerability; however, I could not find any
exploits.

Any help is welcome. Thank you.

David,

That CVE (2007-3181) is not currently on the TODO list. However, you
may want to investigate the various InterBase modules, including
http://www.metasploit.com/modules/exploit/linux/misc/ib_inet_connect ..
From memory, those vulnerabilities in InterBase were due to a bundled
version of the Firebird Database.

I filed a ticket in the MSF Redmine to track clarifying etc. It is
ticket #1706.




_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework