Security Research has released an exploit written for the Metasploit Framework for the benefit of the penetration testing community. The exploit was converted to a Metasploit module and verified. We have also verified two other existing exploits.
TFTP Server version 1.4 exploit for the Metasploit Framework (newly converted; fix already available)
The TFTP Server v1.4 RRQ buffer overflow exploit sends a Read Request (RRQ) packet that triggers a buffer overflow on the victim system. After the overflow, the system tries to reset the buffer, and once the buffer has been reset the stack pointer points to the location we desire. More details of the exploit can be viewed here. The exploit has been accepted by Packet Storm and can also be obtained from <here>.
Target system: Windows XP SP3 with TFTP Server v1.4 installed.
Payload limit: 500 bytes.
Proof of concept by: b33f
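As an added example from the detection side (this is not part of the post or of the exploit module), the following Python parser reads TFTP read/write requests and flags a request whose filename is far longer than any legitimate one, which is the condition the RRQ overflow described above depends on. The 255-byte threshold and the two sample packets are assumptions constructed for the example, not captured traffic.

```python
import struct

# TFTP opcodes (RFC 1350)
OP_RRQ = 1
OP_WRQ = 2

# Assumption: filenames longer than this are treated as suspicious. Real TFTP
# filenames are short; the threshold is an example value, not a protocol limit.
MAX_FILENAME_LEN = 255


def parse_request(packet: bytes) -> dict:
    """Parse a TFTP RRQ/WRQ packet into its fields.

    Raises ValueError when the packet is not a well-formed read/write request.
    """
    if len(packet) < 4:
        raise ValueError("packet too short for a TFTP request")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode not in (OP_RRQ, OP_WRQ):
        raise ValueError(f"not a request opcode: {opcode}")
    # The opcode is followed by a NUL-terminated filename and a NUL-terminated
    # transfer mode; options (RFC 2347) may follow as further NUL-terminated pairs.
    fields = packet[2:].split(b"\x00")
    if len(fields) < 3:  # filename, mode, and the empty remainder after the final NUL
        raise ValueError("missing NUL-terminated filename or mode")
    filename, mode = fields[0], fields[1]
    return {
        "opcode": opcode,
        "filename": filename,
        "mode": mode.lower(),
        "filename_len": len(filename),
    }


def is_suspicious_request(packet: bytes, max_len: int = MAX_FILENAME_LEN) -> bool:
    """Return True when a request carries an oversized filename.

    Malformed packets are not flagged here; they are a separate condition
    worth logging but are not the oversized-filename pattern.
    """
    try:
        req = parse_request(packet)
    except ValueError:
        return False
    return req["filename_len"] > max_len


def build_request(filename: bytes, mode: bytes = b"octet") -> bytes:
    """Build an RRQ packet; used only to construct the sample input below."""
    return struct.pack("!H", OP_RRQ) + filename + b"\x00" + mode + b"\x00"


# Constructed sample packets for the example (not captured traffic).
BENIGN_RRQ = build_request(b"boot.cfg")
OVERSIZED_RRQ = build_request(b"A" * 600)

if __name__ == "__main__":
    for label, pkt in (("benign", BENIGN_RRQ), ("oversized", OVERSIZED_RRQ)):
        req = parse_request(pkt)
        print(f"{label}: filename_len={req['filename_len']} "
              f"suspicious={is_suspicious_request(pkt)}")
```

The same check can be applied to the decoded UDP payload of port 69 traffic in a packet capture or an IDS script; a filename of several hundred bytes in a read request has no legitimate use and is a reliable trigger for an alert.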
Sysax SSH username buffer overflow (verified existing exploit; fix already available)
This module exploits a vulnerability found in Sysax’s SSH service. By supplying a long username, the SSH server copies that data onto the stack without proper bounds checking, allowing remote code execution in the context of the user. (Please note that previous versions (before 5.53) are also affected by this bug.)
Target system: Windows XP SP3 / Windows 2003 SP0 with Sysax SSH server version 5.53 or below.
Authors: Craig Freyman, sinn3r
Mozilla Firefox add-on attack (verified existing exploit; fix already available)
This exploit dynamically creates an .xpi add-on file. The resulting Firefox add-on is presented to the victim via a web page. The victim’s Firefox browser pops up a dialog asking whether they trust the add-on. Once the user clicks “Install”, the add-on is installed and executes the payload with full user permissions of the attacker. More details about the attack are here.
Target system: This exploit works on all Windows platforms with Mozilla Firefox.