
Update MS14-070 module information and references #4753

Merged
merged 1 commit into from Feb 12, 2015


zeroSteiner
Contributor

The original exploit module and advisory stated that the vulnerability was an arbitrary write in kernel memory. The blog that this PR added to the references and further analysis showed that the vulnerability is actually a NULL pointer dereference.

This PR updates the module's name and description to be more accurate, as well as adds the MSB and OSVDB references.

Verification steps

  • Load the new module and display the information
  • See the new, more accurate info and additional references

Example output:

msf-git (S:0 J:0) exploit(ms14_070_tcpip_ioctl) > info

       Name: Windows tcpip!SetAddrOptions NULL Pointer Dereference
     Module: exploit/windows/local/ms14_070_tcpip_ioctl
   Platform: Windows
 Privileged: No
    License: Metasploit Framework License (BSD)
       Rank: Average
  Disclosed: 2014-11-11

Provided by:
  Matt Bergin <level@korelogic.com>
  Jay Smith <jsmith@korelogic.com>

Available targets:
  Id  Name
  --  ----
  0   Windows Server 2003 SP2

Basic options:
  Name     Current Setting  Required  Description
  ----     ---------------  --------  -----------
  SESSION                   yes       The session to run this module on.

Payload information:

Description:
  A vulnerability within the Microsoft TCP/IP protocol driver 
  tcpip.sys, can allow an attacker to trigger a NULL pointer 
  dereference by using a specially crafted IOCTL.

References:
  http://cvedetails.com/cve/2014-4076/
  http://technet.microsoft.com/en-us/security/bulletin/MS14-070
  http://www.osvdb.org/114532
  https://blog.korelogic.com/blog/2015/01/28/2k3_tcpip_setaddroptions_exploit_dev
  https://www.korelogic.com/Resources/Advisories/KL-001-2015-001.txt

msf-git (S:0 J:0) exploit(ms14_070_tcpip_ioctl) > exit

@wvu wvu self-assigned this Feb 12, 2015
wvu added a commit to wvu/metasploit-framework that referenced this pull request Feb 12, 2015
@wvu wvu merged commit 8ab469d into rapid7:master Feb 12, 2015
@wvu wvu added the bug label Feb 12, 2015
@zeroSteiner zeroSteiner deleted the ms14-070-info branch February 23, 2021 18:07