Ticket #23 (assigned defect)

Opened 6 months ago

Last modified 6 months ago

metasploit3 segfaults

Reported by: extremis Owned by: saurik
Priority: major Component: Telesphoreo
Keywords: Cc:

Description (last modified by extremis)

Under some conditions, metasploit may cause ruby to segfault.

msf exploit(ms06_066_nwwks) > exploit
[*] Started bind handler
[*] Connecting to the SMB service...
./lib/rex/struct2/generic.rb:41: [BUG] Segmentation fault
ruby 1.8.6 (2007-09-24) [arm-darwin]

Abort trap

msf exploit(ms05_039_pnp) > exploit
[*] Started bind handler
[*] Connecting to the SMB service...
./lib/rex/struct2/generic.rb:41: [BUG] Segmentation fault
ruby 1.8.6 (2007-09-24) [arm-darwin]

Abort trap

These same parameters executed under different conditions do not cause the same segfaults.

Attempts at isolating these conditions have been tough.

Attachments

metasploit.testcases.debug.txt (3.6 kB) - added by extremis 6 months ago.
msfconsole test cases with debugging enabled

Change History

Changed 6 months ago by extremis

  • owner changed from extremis to saurik
  • status changed from new to assigned
  • description modified

Changed 6 months ago by extremis

  • description modified

Changed 6 months ago by extremis

  • description modified

Changed 6 months ago by extremis

I verified that Ruby isn't consuming all of the available memory. At the times this crashed, roughly 20 MB was free.

Changed 6 months ago by extremis

msfconsole test cases with debugging enabled

Changed 6 months ago by elimisteve (in reply to the description)

Here's another one:

elimisteve:/var/share/msf3 root# msfconsole

[banner]

       =[ msf v3.2-release
+ -- --=[ 271 exploits - 118 payloads
+ -- --=[ 17 encoders - 6 nops
       =[ 50 aux

msf > load msfd
[*] Successfully loaded plugin: msfd
msf > search anything
[*] Searching loaded modules for pattern 'anything'...
/usr/share/msf3/lib/msf/core/data_store.rb:207: [BUG] Segmentation fault
ruby 1.8.6 (2007-09-24) [arm-darwin]

Abort trap
elimisteve:/var/share/msf3 root#

Replying to extremis:

Under some conditions, metasploit may cause ruby to segfault.

{{{
msf exploit(ms06_066_nwwks) > exploit
[*] Started bind handler
[*] Connecting to the SMB service...
./lib/rex/struct2/generic.rb:41: [BUG] Segmentation fault
ruby 1.8.6 (2007-09-24) [arm-darwin]

Abort trap
}}}

{{{
msf exploit(ms05_039_pnp) > exploit
[*] Started bind handler
[*] Connecting to the SMB service...
./lib/rex/struct2/generic.rb:41: [BUG] Segmentation fault
ruby 1.8.6 (2007-09-24) [arm-darwin]

Abort trap
}}}

These same parameters executed under different conditions do not cause the same segfaults. Attempts at isolating these conditions have been tough.

Changed 6 months ago by saurik

  • component set to Telesphoreo