Comment 14 for bug 282302

Jamie Strandboge (jdstrand) wrote :

Impact: this regression breaks (at least) the metasploit framework. It appears that short-named constants are not generally in widespread use (based on community feedback and lack of other bug reports).

Development release: applied the exact patch to 9.04 in 1.8.7.72-1ubuntu1. This is from http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=18485, and is already in upstream's stable snapshot. Debdiff for the upload is attached.

TEST CASE (from HD Moore):
The example below assumes you have a Windows server somewhere with port 135 open:

$ svn co http://metasploit.com/svn/framework3/trunk/ msf3
$ ruby msf3/msfcli exploit/windows/dcerpc/ms03_026_dcom PAYLOAD=windows/shell/bind_tcp RHOST=10.10.10.250 E
(change 10.10.10.250 to a machine with DCOM open, patch level does not matter)

[*] Started bind handler
[*] Trying target Windows NT SP3-6a/2000/XP/2003 Universal...
[*] Binding to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:10.10.10.250[135] ...
[*] Bound to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57:0.0@ncacn_ip_tcp:10.10.10.250[135] ...
[-] Exploit failed: uninitialized constant Msf::ModuleSet::NDR

A working/patched version of Ruby will not trigger that "uninitialized constant" error.

Regression potential: appears low due to the perceived infrequency of using short-named constants.