Metasploit mailing list archives
regarding iis50_printer_overflow
From: nulldevice83 at yahoo.com (Null Device)
Date: Sun, 10 Apr 2005 23:46:47 -0700 (PDT)
Hello all,

Regarding this, it seems it is an exploit for the IIS printer vulnerability documented here:

http://securityfocus.com/bid/2674
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0241

Just to highlight, the references given in the MSF are:

['OSVDB', 548] -> is invalid; OSVDB can't find it.
['MSB', 'MS01-023'] -> states that this covers the above stated CVE no. 2001-0241
['URL', 'http://lists.insecure.org/lists/bugtraq/2001/May/0011.html'], -> points to an OpenSSL vuln mail.

I am actually confused whether this exploit is for CVE-2001-0241. I happened to see the .pm file related to the exploit.

In the exploit code we have

    $request = "GET http://$pattern/null.printer?$shellcode HTTP/1.0\r\n\r\n";

and in the check code we have

    $s->Send("GET /NULL.printer\r\nHost: " . ("META" x 64) . "P\r\n\r\n");

The documented information regarding this exploit says the problem is because of the host header being > 256. So the check seems to be sending the correct request, whereas I am not sure about the "sub exploit" of the .pm file, whether the request sent from there is correct to exploit the server.
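Added example, not part of the original post or of the Metasploit module: a detection routine for web logs or a proxy that flags `.printer` requests whose host exceeds the 256-byte figure quoted in the message. It reads the host from either place HTTP allows it, the `Host:` header or an absolute-URI request target, which are the two request shapes quoted above. The function names and the sample requests are constructed for illustration.

```python
import re

HOST_LIMIT = 256  # figure quoted in the post: "host header being > 256"
ABS_URI_RE = re.compile(rb"^[a-z][a-z0-9+.-]*://([^/?#]*)(.*)$", re.I | re.S)

def effective_host_and_target(raw: bytes):
    """Return (host, target); an absolute-URI target overrides the Host header."""
    lines = raw.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) < 2:
        return b"", b""
    target, host = parts[1], b""
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip()
            break
    m = ABS_URI_RE.match(target)
    if m:  # the host travels in the request line, not in a header
        host, target = m.group(1), m.group(2) or b"/"
    return host, target

def flag_printer_request(raw: bytes):
    """Return an alert string for a .printer request with an oversized host."""
    host, target = effective_host_and_target(raw)
    path = target.split(b"?", 1)[0]
    if not path.lower().endswith(b".printer"):
        return None
    if len(host) > HOST_LIMIT:
        return f"oversized host ({len(host)} bytes) on .printer request"
    return None

# Constructed samples (filler bytes only, no payload).
HEADER_FORM = b"GET /NULL.printer\r\nHost: " + b"META" * 64 + b"P\r\n\r\n"
ABSOLUTE_FORM = b"GET http://" + b"A" * 300 + b"/null.printer?x HTTP/1.0\r\n\r\n"
BENIGN = b"GET /printers/office.printer HTTP/1.1\r\nHost: print.example.test\r\n\r\n"
LONG_HOST_OTHER = b"GET /index.html HTTP/1.1\r\nHost: " + b"a" * 300 + b"\r\n\r\n"

def run_samples():
    samples = [HEADER_FORM, ABSOLUTE_FORM, BENIGN, LONG_HOST_OTHER]
    return [flag_printer_request(s) for s in samples]

if __name__ == "__main__":
    for result in run_samples():
        print(result)
```

A rule that inspects only the `Host:` header would miss the absolute-URI form, so the check keys on the effective host rather than on one header.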