CVE-2006-5792
Published 2006-11-07
Priority P3 54 · high · 7.5 CVSS 2.0 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT · EPSS 59.96% (99.0th percentile)
Unspecified vulnerability in XLink Omni-NFS Enterprise allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by vd_xlink2.pm, an "Omni-NFS Enterprise remote exploit." NOTE: this is probably a different vulnerability than CVE-2006-5780. As of 20061107, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
Detection & IOCs
bytes: \x81\xc4\xff\xef\xff\xff\x44
- Detect the Xlink FTP Server by matching the FTP banner string 'XLINK FTP Server'; the Metasploit module uses this exact banner check to confirm vulnerability.
- Server-side exploit sends an oversized FTP request: payload (up to 260 bytes) + 4-byte little-endian return address (0x1001f09c) + random alpha-upper padding to 2024 bytes total, terminated with \r\n. Alert on FTP requests exceeding normal length thresholds against Xlink FTP Server.
- Client-side exploit delivers an oversized FTP server response: 260 bytes random alpha-upper + 4-byte return address + payload (up to 550 bytes) + padding to 1024 bytes + \r\n. Monitor for anomalously large FTP server responses on port 21.
- The stack-adjustment prepend encoder sequence \x81\xc4\xff\xef\xff\xff\x44 (ADD ESP,-0x1001 / INC ESP) appears at the start of shellcode in both server and client exploits; scan FTP traffic for this byte sequence.
- Bad characters for the server-side payload are \x00\x7e\x2b\x26\x3d\x25\x3a\x22\x0a\x0d\x20\x2f\x5c\x2e; encoded shellcode in FTP traffic will avoid these bytes.
- The exploit targets OmniEOM.DLL version 1.0.0.1 (return address 0x1001f09c). Presence of this DLL version on a Windows host running Omni-NFS Enterprise 5.2 indicates a vulnerable configuration.
- The NVD advisory explicitly states no actionable information was available at disclosure time; the Metasploit modules (dated Oct 3 2009) are the primary source of technical detail and may not reflect the original 2006 exploit vector referenced by vd_xlink2.pm.
- CVE-2006-5792 is shared across both the server-side (xlink_server.rb) and client-side (xlink_client.rb) Metasploit modules, but these are likely distinct vulnerabilities; CVE-2006-5780 may cover one of them.
- The server-side exploit payload space is limited to 260 bytes with EXITFUNC=thread; the client-side payload space is 550 bytes with EXITFUNC=process. Payload selection must respect these constraints.
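The network-side checks listed above (banner match, stack-adjustment byte sequence, oversized control-channel lines) combined into one inspector, as an added example that is not part of the original page or of the Metasploit modules. The function name `inspect_control_stream` and the 512-byte `MAX_LINE` threshold are assumptions, and the sample traffic is constructed filler.

```python
# Indicators taken from the detection notes above.
BANNER = b"XLINK FTP Server"
STACK_ADJUST = b"\x81\xc4\xff\xef\xff\xff\x44"  # ADD ESP,-0x1001 / INC ESP

# Assumption: 512 bytes is a generous ceiling for a legitimate FTP control
# line. Both overflows described above need more than 260 bytes on one line,
# and the full requests/responses are 2024 and 1024 bytes.
MAX_LINE = 512


def inspect_control_stream(data, from_server):
    """Return a list of alert strings for one direction of an FTP control
    connection (raw bytes as reassembled from the TCP stream)."""
    alerts = []

    # Asset identification: the first server line carries the banner.
    if from_server and BANNER in data.split(b"\r\n", 1)[0]:
        alerts.append("banner: Xlink FTP Server identified")

    # Content match: the stub is binary and has no place in FTP commands
    # or replies, so search the whole buffer, not just single lines.
    if STACK_ADJUST in data:
        alerts.append("bytes: stack-adjustment stub seen in control channel")

    # Length anomaly: flag any single control line above the threshold.
    # A buffer with no CRLF at all is treated as one (unterminated) line.
    side = "response" if from_server else "request"
    for line in data.split(b"\r\n"):
        if len(line) > MAX_LINE:
            alerts.append("length: %d-byte FTP %s" % (len(line), side))

    return alerts


# Constructed sample traffic: filler bytes only, no return address or payload.
SAMPLE_BANNER = b"220 XLINK FTP Server ready\r\n"
SAMPLE_NORMAL = b"USER anonymous\r\n"
SAMPLE_OVERSIZED = STACK_ADJUST + b"A" * (2024 - len(STACK_ADJUST)) + b"\r\n"

if __name__ == "__main__":
    for name, buf, srv in [("banner", SAMPLE_BANNER, True),
                           ("normal", SAMPLE_NORMAL, False),
                           ("oversized", SAMPLE_OVERSIZED, False)]:
        print(name, inspect_control_stream(buf, srv))
```

The length check alone also covers the client-side case when run over server-to-client traffic with `from_server=True`.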
No detection rules found.
Exploit-DB
Xlink FTP Server - Remote Buffer Overflow (Metasploit)
exploitdb·2010-11-11
---
##
# $Id: xlink_server.rb 10998 2010-11-11 22:43:22Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Xlink FTP Server Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Xlink FTP Server
that comes bundled with Omni-NFS Enterprise 5.2.
When a overly long FTP request is sent to the server,
arbitrary code may be executed.
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 10998 $',
'References' =>
[
[ 'CVE', '2006-579
Exploit-DB
Xlink FTP Client - Remote Buffer Overflow (Metasploit)
exploitdb·2010-11-11
---
##
# $Id: xlink_client.rb 10998 2010-11-11 22:43:22Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
class Metasploit3 'Xlink FTP Client Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Xlink FTP Client 32
Version 3.01 that comes bundled with Omni-NFS Enterprise 5.2.
When a overly long FTP server response is recieved by a client,
arbitrary code may be executed.
},
'Author' => [ 'MC' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 10998 $',
'References' =>
[
[ 'CVE', '20
Metasploit
Xlink FTP Server Buffer Overflow
This module exploits a stack buffer overflow in Xlink FTP Server that comes bundled with Omni-NFS Enterprise 5.2. When an overly long FTP request is sent to the server, arbitrary code may be executed.
Metasploit
Xlink FTP Client Buffer Overflow
This module exploits a stack buffer overflow in Xlink FTP Client 32 Version 3.01 that comes bundled with Omni-NFS Enterprise 5.2. When an overly long FTP server response is received by a client, arbitrary code may be executed.
No writeups or analysis indexed.
2006-11-07
Published