- Name: Microsoft Server Service NetpwPathCanonicalize Overflow
- Module: exploit/windows/smb/ms06_040_netapi
- Version: 14976
- Platform: Windows
- Privileged: Yes
- License: Metasploit Framework License (BSD)
- Rank: Good
- Provided by:
- hdm <hdm@metasploit.com>
- Available targets:
- Id Name
- -- ----
- 0 (wcscpy) Automatic (NT 4.0, 2000 SP0-SP4, XP SP0-SP1)
- 1 (wcscpy) Windows NT 4.0 / Windows 2000 SP0-SP4
- 2 (wcscpy) Windows XP SP0/SP1
- 3 (stack) Windows XP SP1 English
- 4 (stack) Windows XP SP1 Italian
- 5 (wcscpy) Windows 2003 SP0
- Basic options:
- Name     Current Setting  Required  Description
- ----     ---------------  --------  -----------
- RHOST                     yes       The target address
- RPORT    445              yes       Set the SMB service port
- SMBPIPE  BROWSER          yes       The pipe name to use (BROWSER, SRVSVC)
- Payload information:
- Space: 370
- Avoid: 7 characters
- Description:
- This module exploits a stack buffer overflow in the NetApi32
- CanonicalizePathName() function using the NetpwPathCanonicalize RPC
- call in the Server Service. It is likely that other RPC calls could
- be used to exploit this service. This exploit will result in a
- denial of service on Windows XP SP2 or Windows 2003 SP1. A failed
- exploit attempt will likely result in a complete reboot on Windows
- 2000 and the termination of all SMB-related services on Windows XP.
- The default target for this exploit should succeed on Windows NT
- 4.0, Windows 2000 SP0-SP4+, Windows XP SP0-SP1 and Windows 2003 SP0.
- References:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3439
- http://www.osvdb.org/27845
- http://www.securityfocus.com/bid/19409
- http://www.microsoft.com/technet/security/bulletin/MS06-040.mspx