CVE-2006-5780
Published 2006-11-07
Priority: P2 · 69 · high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploit available
EPSS: 61.49% (99.1th percentile)
Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd), as demonstrated by vd_xlink.pm.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xlink_technology | omni-nfs_server | — | — |
Detection & IOCs
- The exploit packet structure begins with a 4-byte record mark (length | 0x80000000), followed by fixed NFS RPC fields: xid=1, msg_type=0, rpcvers=2, prog=100005, vers=1, proc=1. Alert on this exact sequence on port 2049/tcp.
- Monitor for execution of nfsd.exe spawning unexpected child processes or network connections, which may indicate successful exploitation and shellcode execution.
- The exploit payload uses a stack adjustment of -3500 bytes (0x81 0xc4 0x54 0xf2 0xff 0xff) prepended to the encoder; this byte sequence near the start of a payload on port 2049 is a strong exploit indicator.
- The exploit targets only Windows 2000 SP4 English with a hardcoded return address; other OS versions or patch levels will require different return addresses and are not covered by these indicators.
- Payload space is constrained to 336 bytes (Metasploit module) or 427 bytes (original vd_xlink.pm); null bytes (0x00) are bad characters and must be avoided in shellcode.
- The EXITFUNC is set to 'process', meaning successful exploitation will terminate the nfsd.exe process after shellcode runs, which may cause a detectable service crash.
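A minimal matcher for the two network indicators listed above, added here as an example (it is not code from the advisory or from any of the cited sources). The function names, the 512-byte search window and the two sample payloads are assumptions constructed for illustration.

```python
import struct

NFS_PORT = 2049
# Header values the page lists: xid, msg_type, rpcvers, prog, vers, proc.
# 100005 is the MOUNT program, so this is a MOUNT call sent to the NFS port.
EXPECTED_HEADER = (1, 0, 2, 100005, 1, 1)
# Stack adjustment bytes the page lists (x86: add esp, -3500).
STACK_ADJUST = bytes([0x81, 0xC4, 0x54, 0xF2, 0xFF, 0xFF])
SEARCH_WINDOW = 512  # assumption: how far "near the start" of a payload reaches


def parse_rpc_call(data):
    """Split record mark + first six RPC words; None if the segment is too short."""
    if len(data) < 28:
        return None
    mark, *fields = struct.unpack(">7I", data[:28])
    return bool(mark & 0x80000000), mark & 0x7FFFFFFF, tuple(fields)


def inspect_payload(dst_port, data):
    """Return the names of the page's indicators matched by one TCP payload."""
    hits = []
    if dst_port != NFS_PORT:
        return hits
    parsed = parse_rpc_call(data)
    if parsed:
        last_fragment, _frag_len, fields = parsed
        if last_fragment and fields == EXPECTED_HEADER:
            hits.append("rpc-header")
    if STACK_ADJUST in data[:SEARCH_WINDOW]:
        hits.append("stack-adjust")
    return hits


def _record(body):
    # ONC RPC record marking: length with the high "last fragment" bit set.
    return struct.pack(">I", len(body) | 0x80000000) + body


# Constructed samples: an ordinary NFSv3 NULL call, and a record that carries
# only the header fields and marker bytes named on this page (no payload).
BENIGN = _record(struct.pack(">6I", 0x1234, 0, 2, 100003, 3, 0))
SUSPECT = _record(struct.pack(">6I", *EXPECTED_HEADER) + b"\x00" * 8 + STACK_ADJUST)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, inspect_payload(NFS_PORT, sample))
```

Treat a header-only match as lower confidence than a match on both indicators, since the header values on their own form a valid MOUNT call.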
GHSA
GHSA-pfvq-g54v-5qgj (CVE-2006-5792) [HIGH]
ghsa_unreviewed · 2022-05-01 · CVSS 7.5
Unspecified vulnerability in XLink Omni-NFS Enterprise allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by vd_xlink2.pm, an "Omni-NFS Enterprise remote exploit." NOTE: this is probably a different vulnerability than CVE-2006-5780. As of 20061107, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
GHSA
GHSA-vpmf-9mwj-7fq6 (CVE-2006-5780) [HIGH]: Stack-based buffer overflow in nfsd
ghsa_unreviewed · 2022-05-01
Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd), as demonstrated by vd_xlink.pm.
No detection rules found.
Exploit-DB
Omni-NFS Server - Remote Buffer Overflow (Metasploit)
exploitdb · 2010-11-11 · CVE-2006-5780
---
##
# $Id: xlink_nfsd.rb 10998 2010-11-11 22:43:22Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Omni-NFS Server Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Xlink Omni-NFS Server 5.2
When sending a specially crafted nfs packet, an attacker may be able
to execute arbitrary code.
},
'Author' => [ 'MC' ],
'Version' => '$Revision: 10998 $',
'References' =>
[
[ 'CVE', '2006-5780' ],
[ 'OSVDB', '30224'],
[ 'BID', '20941' ],
[ 'URL', 'htt
Exploit-DB
Omni-NFS Server 5.2 - 'nfsd.exe' Remote Stack Overflow (Metasploit)
exploitdb · 2006-11-06 · CVE-2006-5780
---
# vd_xlink.pm
#
# The exploit is a part of VulnDisco Pack - use only under the license agreement
# specified in LICENSE.txt in your VulnDisco distribution
# VULNDISCO LICENSE
# Purchaser buys VulnDisco Pack ("the Pack") and receives the right to use it under the terms of the following License.
# The Pack with all the data and software contained in it is the private property of GLEG ltd. Company ("the Company"). The Company is the only entity who has exclusive rights to the Pack. The Pack with all the software and data containing in it is the intellectual property of the Company and is guarded by intellectual property laws.
# Purchaser has the rights to use the Pack only under the terms and conditions of this Lice
Metasploit
Omni-NFS Server Buffer Overflow
This module exploits a stack buffer overflow in Xlink Omni-NFS Server 5.2. When sending a specially crafted NFS packet, an attacker may be able to execute arbitrary code.
No writeups or analysis indexed.
References
- http://gleg.net/downloads/VULNDISCO_META_FREE.tar.gz
- http://gleg.net/vulndisco_meta.shtml
- http://secunia.com/advisories/22751
- http://securityreason.com/securityalert/1831
- http://securitytracker.com/id?1017172
- http://www.securityfocus.com/archive/1/450728/100/0/threaded
- http://www.securityfocus.com/bid/20941
- http://www.vupen.com/english/advisories/2006/4380
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30083
- https://www.exploit-db.com/exploits/2729