Computer Associates License Client GETCONFIG Overflow

Disclosed: 2005-03-02
Created: 2018-05-30

Description

This module exploits a vulnerability in the CA License Client
service. The exploit only works if your IP address can be
resolved from the target system's point of view. On a local
network, this can be accomplished by running the 'nmbd' service
that comes with Samba. If you are running this exploit from
Windows and do not filter UDP port 137, this should not be a
problem (provided the target is on the same network segment). Due to
the bugginess of the software, you are only allowed one connection
to the agent port before it starts ignoring you. If it weren't for this
issue, it would be possible to exploit this bug repeatedly.

Authors

hdm <x@hdm.io>
aushack <patrick@osisecurity.com.au>

Platform

Windows

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


msf > use exploit/windows/license/calicclnt_getconfig
msf exploit(calicclnt_getconfig) > show targets
...targets...
msf exploit(calicclnt_getconfig) > set TARGET <target-id>
msf exploit(calicclnt_getconfig) > show options
...show and set options...
msf exploit(calicclnt_getconfig) > exploit
