This module exploits a vulnerability in the Microsoft SQL Server. After successful exploitation an agent will be installed. If the attack was not successful, the server might stop responding (one-shot-exploit).
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 encodings that cause arbitrary heap data to be overwritten.
This vulnerability allows remote attackers to execute arbitrary code on installations of Soulseek Server, which can be exploited by malicious people to compromise a vulnerable system. Soulseek Server is prone to a stack-based buffer-overflow vulnerability that occurs because it fails to perform adequate boundary checks on user-supplied data. Specifically, this issue occurs when performing a direct peer file search.
The /opt/ws/bin/sblistpack Perl script in Sophos Web Protection Appliance, which can be reached from the web interface, is vulnerable to an OS command injection because its get_referers() function does not escape the first argument of the script before using it within a string that will be executed as a command by using backticks. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code in the affected appliance. The agent installed by this exploit runs with the privileges of the 'spiderman' user. After successfully installing an agent, by default this module will automatically run another module (Sophos Web Protection Appliance clear_keys.pl Privilege Escalation Exploit), which will try to exploit a privilege escalation vulnerability that is also present in the Sophos appliance in order to install another agent with root permissions.
Subscribe to Remote