Land rapid7#3698, release fixes

wvu · wvu · commit 6e3739a22047 · 2014-08-25T14:00:29.000-05:00
diff --git a/modules/auxiliary/admin/http/jboss_bshdeployer.rb b/modules/auxiliary/admin/http/jboss_bshdeployer.rb
@@ -15,7 +15,7 @@ def initialize
       'Description'   => %q{
         This module can be used to install a WAR file payload on JBoss servers that have
         an exposed "jmx-console" application. The payload is put on the server by
-        using the jboss.system:BSHDeployer\'s createScriptDeployment() method.
+        using the jboss.system:BSHDeployer's createScriptDeployment() method.
       },
       'Author'        =>
         [
@@ -79,7 +79,7 @@ def deploy_action(app_base, stager_name, war_data)
       # call the stager to deploy our real payload war
       stager_uri = '/' + stager_name + '/' + stager_name + '.jsp'
       payload_data = "#{rand_text_alpha(8+rand(8))}=#{Rex::Text.uri_encode(encoded_payload)}"
-      print_status("#{peer} - Calling stager #{stager_uri } to deploy final payload...")
+      print_status("#{peer} - Calling stager #{stager_uri} to deploy final payload...")
       res = deploy('method' => 'POST',
                    'data'   => payload_data,
                    'uri'    => stager_uri)
diff --git a/modules/auxiliary/scanner/ntp/ntp_peer_list_dos.rb b/modules/auxiliary/scanner/ntp/ntp_peer_list_dos.rb
@@ -19,13 +19,15 @@ def initialize
       'Description'    => %q{
         This module identifies NTP servers which permit "PEER_LIST" queries and
         return responses that are larger in size or greater in quantity than
-        the request, allowing remote attackers to cause a denial of service
-        (traffic amplification) via spoofed requests.
+        the request, allowing remote attackers to cause a distributed, reflected
+        denial of service (aka, "DRDoS" or traffic amplification) via spoofed
+        requests.
       },
       'Author'         => 'Jon Hart <jon_hart[at]rapid7.com>',
       'References'     =>
         [
-          ['URL', 'https://github.com/rapid7/metasploit-framework/pull/3696']
+          ['URL', 'https://github.com/rapid7/metasploit-framework/pull/3696'],
+          ['URL', 'http://r-7.co/R7-2014-12']
         ],
       'DisclosureDate' => 'Aug 25 2014',
       'License'        => MSF_LICENSE
diff --git a/modules/auxiliary/scanner/ntp/ntp_peer_list_sum_dos.rb b/modules/auxiliary/scanner/ntp/ntp_peer_list_sum_dos.rb
@@ -19,13 +19,15 @@ def initialize
       'Description'    => %q{
         This module identifies NTP servers which permit "PEER_LIST_SUM" queries and
         return responses that are larger in size or greater in quantity than
-        the request, allowing remote attackers to cause a denial of service
-        (traffic amplification) via spoofed requests.
+        the request, allowing remote attackers to cause a distributed, reflected
+        denial of service (aka, "DRDoS" or traffic amplification) via spoofed
+        requests.
       },
       'Author'         => 'Jon Hart <jon_hart[at]rapid7.com>',
       'References'     =>
         [
-          ['URL', 'https://github.com/rapid7/metasploit-framework/pull/3696']
+          ['URL', 'https://github.com/rapid7/metasploit-framework/pull/3696'],
+          ['URL', 'http://r-7.co/R7-2014-12']
         ],
       'DisclosureDate' => 'Aug 25 2014',
       'License'        => MSF_LICENSE
diff --git a/modules/auxiliary/scanner/ntp/ntp_req_nonce_dos.rb b/modules/auxiliary/scanner/ntp/ntp_req_nonce_dos.rb
@@ -18,15 +18,17 @@ def initialize
       'Name'           => 'NTP Mode 6 REQ_NONCE DRDoS Scanner',
       'Description'    => %q{
         This module identifies NTP servers which permit mode 6 REQ_NONCE requests that
-        can be used to conduct DRDoS attacks.  In some configurations, NTP servers will
+        can be used to conduct DRDoS attacks. In some configurations, NTP servers will
         respond to REQ_NONCE requests with a response larger than the request,
-        allowing remote attackers to cause a denial of services (traffic
-        amplification) via spoofed requests.
+        allowing remote attackers to cause a distributed, reflected
+        denial of service (aka, "DRDoS" or traffic amplification) via spoofed
+        requests.
       },
       'Author'         => 'Jon Hart <jon_hart[at]rapid7.com>',
       'References'     =>
         [
-          ['URL', 'https://github.com/rapid7/metasploit-framework/pull/3696']
+          ['URL', 'https://github.com/rapid7/metasploit-framework/pull/3696'],
+          ['URL', 'http://r-7.co/R7-2014-12']
         ],
       'DisclosureDate' => 'Aug 25 2014',
       'License'        => MSF_LICENSE
diff --git a/modules/auxiliary/scanner/ntp/ntp_reslist_dos.rb b/modules/auxiliary/scanner/ntp/ntp_reslist_dos.rb
@@ -19,15 +19,17 @@ def initialize
       'Description'    => %q{
         This module identifies NTP servers which permit "reslist" queries and
         obtains the list of restrictions placed on various network interfaces,
-        networks or hosts.  The reslist feature allows remote
-        attackers to cause a denial of service (traffic amplification) via
-        spoofed requests. The more interfaces, networks or host with specific
-        restrictions, the greater the amplification.
+        networks or hosts. The reslist feature allows remote
+        attackers to cause a distributed, reflected denial of service (aka, "DRDoS" or
+        traffic amplification) via spoofed requests. The more interfaces, networks
+        or hosts with specific restrictions, the greater the amplification.
+        requests.
       },
       'Author'         => 'Jon Hart <jon_hart[at]rapid7.com>',
       'References'     =>
         [
-          ['URL', 'https://github.com/rapid7/metasploit-framework/pull/3696']
+          ['URL', 'https://github.com/rapid7/metasploit-framework/pull/3696'],
+          ['URL', 'http://r-7.co/R7-2014-12']
         ],
       'DisclosureDate' => 'Aug 25 2014',
       'License'        => MSF_LICENSE
diff --git a/modules/auxiliary/scanner/ntp/ntp_unsettrap_dos.rb b/modules/auxiliary/scanner/ntp/ntp_unsettrap_dos.rb
@@ -19,13 +19,15 @@ def initialize
       'Description'    => %q{
         This module identifies NTP servers which permit mode 6 UNSETTRAP requests that
         can be used to conduct DRDoS attacks.  In some configurations, NTP servers will
-        respond to UNSETTRAP requests with multiple packets, allowing remote attackers to
-        cause a denial of services (traffic amplification) via spoofed requests.
+        respond to UNSETTRAP requests with multiple packets, allowing remote attackers
+        to cause a distributed, reflected denial of service (aka, "DRDoS" or traffic
+        amplification) via spoofed requests.
       },
       'Author'         => 'Jon Hart <jon_hart[at]rapid7.com>',
       'References'     =>
         [
-          ['URL', 'https://github.com/rapid7/metasploit-framework/pull/3696']
+          ['URL', 'https://github.com/rapid7/metasploit-framework/pull/3696'],
+          ['URL', 'http://r-7.co/R7-2014-12']
         ],
       'DisclosureDate' => 'Aug 25 2014',
       'License'        => MSF_LICENSE
