Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 28 Dec 2013 21:31:12 GMT
From:      Jr Aquino <tanawts@gmail.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/185253: Port Maintainer Update of Metasploit to 4.8.2
Message-ID:  <201312282131.rBSLVCmx009914@oldred.freebsd.org>
Resent-Message-ID: <201312282140.rBSLe0Ze035570@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         185253
>Category:       ports
>Synopsis:       Port Maintainer Update of Metasploit to 4.8.2
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Dec 28 21:40:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator:     Jr Aquino
>Release:        9.1-RELEASE-p5
>Organization:
>Environment:
>Description:
Update to Metasploit 4.8.2

Summary
This update includes 8 new modules, including exploits for ColdFusion, Adobe Reader, HP LoadRunner, Windows, and Nvidia Display Driver Service.  It also contains new modules for YouTube and Windows.
 
In addition, this update fixes 2 issues.
 
Exploit modules
Adobe ColdFusion 9 Administrative Login Bypass by Mekanismen and Scott Buckel exploits CVE-2013-0632
Adobe Reader ToolButton Use After Free by sinn3r, juan vazquez, Soroush Dalili, and Unknown exploits ZDI-13-212
Adobe Reader ToolButton Use After Free by sinn3r, juan vazquez, Soroush Dalili, and Unknown exploits ZDI-13-212
HP LoadRunner EmulationAdmin Web Service Directory Traversal by juan vazquez and rgod exploits ZDI-13-259
Microsoft Windows ndproxy.sys Local Privilege Escalation by juan vazquez, Shahin Ramezany, Unkwnon, and ryujin exploits CVE-2013-5065
Nvidia (nvsvc) Display Driver Service Local Privilege Escalation by Ben Campbell and Peter Wintersmith exploits CVE-2013-0109
 
Auxiliary and post modules
Multi Manage Youtube Broadcast by sinn3r
Windows Manage Proxy PAC File by Borja Merino
 
Notable Changes and Resolved Issues
SE Campaign target CSV import should provide useful errors for invalid rows
SE campaign target CSV import fails for Excel CSV files with non-English characters
 
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -ruN metasploit.old/Makefile metasploit/Makefile
--- metasploit.old/Makefile	2013-12-28 10:59:41.000000000 -0800
+++ metasploit/Makefile	2013-12-28 11:02:22.000000000 -0800
@@ -2,7 +2,7 @@
 # $FreeBSD: security/metasploit/Makefile 332457 2013-11-02 08:54:02Z antoine $
 
 PORTNAME=	metasploit
-DISTVERSION=	4.7.2
+DISTVERSION=	4.8.2
 CATEGORIES=	security
 MASTER_SITES=	http://downloads.metasploit.com/data/releases/archive/
 DISTNAME=	framework-${DISTVERSION}
diff -ruN metasploit.old/distinfo metasploit/distinfo
--- metasploit.old/distinfo	2013-12-28 10:59:41.000000000 -0800
+++ metasploit/distinfo	2013-12-28 11:02:14.000000000 -0800
@@ -1,2 +1,2 @@
-SHA256 (framework-4.7.2.tar.bz2) = bbbb0cc85585fa148d9e7eefeae09b4eeaf061ba457a7490dee450ca7b150f8f
-SIZE (framework-4.7.2.tar.bz2) = 35591358
+SHA256 (framework-4.8.2.tar.bz2) = 7678fce2b22ff824f48244f52fdb27a2a7823d7332f2a75e4c670ccfa5aa6471
+SIZE (framework-4.8.2.tar.bz2) = 35964128


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201312282131.rBSLVCmx009914>