Metasploit mailing list archives

Re: cve-2010-1799


From: "Joshua J. Drake" <jdrake () metasploit com>
Date: Tue, 17 Aug 2010 17:14:51 -0500

On Tue, Aug 17, 2010 at 11:52:41AM -0600, Craig Freyman wrote:
I'm having problems with the cve-2010-1799 exploit:

[-] Exception handling request: Connection reset by peer

/opt/metasploit3/msf3/lib/rex/io/stream.rb:44:in `syswrite'
/opt/metasploit3/msf3/lib/rex/io/stream.rb:44:in `write'
/opt/metasploit3/msf3/lib/rex/io/stream.rb:138:in `timed_write'
/opt/metasploit3/msf3/lib/rex/io/stream.rb:169:in `put'
/opt/metasploit3/msf3/lib/rex/proto/http/server.rb:44:in `send_response'
/opt/metasploit3/msf3/lib/msf/core/exploit/http/server.rb:293:in
`send_response'
(eval):119:in `on_request_uri'
/opt/metasploit3/msf3/lib/msf/core/exploit/http/server.rb:102
/opt/metasploit3/msf3/lib/rex/proto/http/handler/proc.rb:37:in `call'
/opt/metasploit3/msf3/lib/rex/proto/http/handler/proc.rb:37:in `on_request'
/opt/metasploit3/msf3/lib/rex/proto/http/server.rb:347:in `dispatch_request'
/opt/metasploit3/msf3/lib/rex/proto/http/server.rb:286:in `on_client_data'
/opt/metasploit3/msf3/lib/rex/proto/http/server.rb:143
/opt/metasploit3/msf3/lib/rex/io/stream_server.rb:45:in `call'
/opt/metasploit3/msf3/lib/rex/io/stream_server.rb:45:in `on_client_data'
/opt/metasploit3/msf3/lib/rex/io/stream_server.rb:182:in `monitor_clients'
/opt/metasploit3/msf3/lib/rex/io/stream_server.rb:180:in `each'
/opt/metasploit3/msf3/lib/rex/io/stream_server.rb:180:in `monitor_clients'
/opt/metasploit3/msf3/lib/rex/io/stream_server.rb:69:in `start'
/opt/metasploit3/msf3/lib/rex/io/stream_server.rb:68:in `initialize'
/opt/metasploit3/msf3/lib/rex/io/stream_server.rb:68:in `new'
/opt/metasploit3/msf3/lib/rex/io/stream_server.rb:68:in `start'
/opt/metasploit3/msf3/lib/rex/proto/http/server.rb:146:in `start'
/opt/metasploit3/msf3/lib/rex/service_manager.rb:80:in `start'
/opt/metasploit3/msf3/lib/rex/service_manager.rb:24:in `start'
/opt/metasploit3/msf3/lib/msf/core/exploit/http/server.rb:85:in
`start_service'
/opt/metasploit3/msf3/lib/msf/core/exploit/tcp.rb:307:in `exploit'
/opt/metasploit3/msf3/lib/msf/core/exploit_driver.rb:201:in `job_run_proc'
/opt/metasploit3/msf3/lib/msf/core/exploit_driver.rb:148
/opt/metasploit3/msf3/lib/rex/job_container.rb:36:in `call'
/opt/metasploit3/msf3/lib/rex/job_container.rb:36:in `start'
/opt/metasploit3/msf3/lib/rex/job_container.rb:31:in `initialize'
/opt/metasploit3/msf3/lib/rex/job_container.rb:31:in `new'
/opt/metasploit3/msf3/lib/rex/job_container.rb:31:in `start'
/opt/metasploit3/msf3/lib/rex/job_container.rb:155:in `start_bg_job'
/opt/metasploit3/msf3/lib/msf/core/exploit_driver.rb:145:in `run'
/opt/metasploit3/msf3/lib/msf/base/simple/exploit.rb:125:in `exploit_simple'
/opt/metasploit3/msf3/lib/msf/base/simple/exploit.rb:147:in `exploit_simple'
/opt/metasploit3/msf3/lib/msf/ui/console/command_dispatcher/exploit.rb:145:in
`cmd_exploit'
/opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:246:in `send'
/opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:246:in
`run_command'
/opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:208:in
`run_single'
/opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:202:in `each'
/opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:202:in
`run_single'
/opt/metasploit3/msf3/lib/rex/ui/text/shell.rb:141:in `run'
/usr/local/bin/msfconsole:117
[*] Sending Apple QuickTime 7.6.6 Invalid SMIL URI Buffer Overflow exploit
to 192.168.1.127:2161...
[*] Trying target Apple QuickTime Player 7.6.6...
[*] Sending Apple QuickTime 7.6.6 Invalid SMIL URI Buffer Overflow init HTML
to 192.168.1.127:2165...
[*] Sending Apple QuickTime 7.6.6 Invalid SMIL URI Buffer Overflow exploit
to 192.168.1.127:2167...
[*] Trying target Apple QuickTime Player 7.6.6...
[-] Exception handling request: Connection reset by peer

Looks like the client is disconnecting before reading the response
from the server. It shouldn't really be any cause for concern.

The error message does seem a bit verbose tho...

Perhaps the client machine is patched. Or maybe it's not really a
browser? Could even be AV or something else in between tearing down
the connection...

-- 
Joshua J. Drake
