Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix db2 scanner module crashes #18532

Merged
merged 1 commit into from Nov 16, 2023
Merged

Fix db2 scanner module crashes #18532

merged 1 commit into from Nov 16, 2023
+18 −18

Conversation

adfoster-r7
Copy link
Contributor

@adfoster-r7 adfoster-r7 commented Nov 13, 2023
edited

Fixes a uninitialized constant error crash with all ibm db2 modules

msf6 auxiliary(scanner/db2/db2_version) > run rhost=127.0.0.1

[-] 127.0.0.1:50000       - Auxiliary failed: NameError uninitialized constant Rex::Proto::DRDA::Utils::EXCSAT_DDM
Did you mean?  Rex::Proto::DRDA::EXCSAT_DDM
[-] 127.0.0.1:50000       - Call stack:
[-] 127.0.0.1:50000       -   /Users/user/Documents/code/metasploit-framework/lib/rex/proto/drda/utils.rb:13:in `client_probe'
[-] 127.0.0.1:50000       -   /Users/user/Documents/code/metasploit-framework/lib/msf/core/exploit/remote/db2.rb:41:in `db2_probe'
[-] 127.0.0.1:50000       -   /Users/user/Documents/code/metasploit-framework/modules/auxiliary/scanner/db2/db2_version.rb:34:in `run_host'
[-] 127.0.0.1:50000       -   /Users/user/Documents/code/metasploit-framework/lib/msf/core/auxiliary/scanner.rb:124:in `block (2 levels) in run'
[-] 127.0.0.1:50000       -   /Users/user/Documents/code/metasploit-framework/lib/msf/core/thread_manager.rb:105:in `block in spawn'
[*] Auxiliary module execution completed

Verification

Ensure the db2 scanner module no longer crashes

I put some cycles into getting db2 to work from docker, but didn't succeed in getting it to work with either msfconsole or intellij's database connector

# Doesn't seem to support remote connections by default?
sudo docker run -it --privileged=true -p 50000:50000 -e LICENSE=accept -e DB2INST1_PASSWORD=password -e DBNAME=testdb ibmcom/db2

# Works via docker though, after docker exec -it docker_id /bin/bash
su db2inst1
[db2inst1@898cf36794a5 config]$ db2 list db directory

 System Database Directory

 Number of entries in the directory = 1

Database 1 entry:

 Database alias                       = TESTDB
 Database name                        = TESTDB
 Local database directory             = /database/data
 Database release level               = 15.00
 Comment                              =
 Directory entry type                 = Indirect
 Catalog database partition number    = 0
 Alternate server hostname            =
 Alternate server port number         =

@dwelch-r7 dwelch-r7 merged commit a41fd9d into rapid7:master Nov 16, 2023
57 checks passed
@dwelch-r7 dwelch-r7 added the rn-fix release notes fix label Nov 16, 2023
@dwelch-r7
Copy link
Contributor

Release Notes

Fix db2 scanner module crashes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dwelch-r7 dwelch-r7 dwelch-r7 approved these changes

Assignees

@dwelch-r7 dwelch-r7

Labels
rn-fix release notes fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@adfoster-r7 @dwelch-r7