Date:      Sat, 09 Jul 2016 22:39:55 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 210950] Port Maintainer Update of security/metasploit to 4.12.12
Message-ID:  <bug-210950-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210950

            Bug ID: 210950
           Summary: Port Maintainer Update of security/metasploit to
                    4.12.12
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs@FreeBSD.org
          Reporter: tanawts@gmail.com

Created attachment 172295
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=172295&action=edit
Update for Metasploit 4.12.12

Update to Metasploit 4.12.12

Highlights
The Windows Gather Microsoft Office Trusted Locations module: Enumerate trusted
Microsoft Office locations on the target host.
ClamAV remote code execution: Take advantage of a misconfiguration in ClamAV,
an open source antivirus engine, to send commands to shut down and view the
version for the service.
The Swagger CodeGen Parameter Injector: Generate a Swagger JSON file with
embedded Metasploit payloads to introduce arbitrary code to the client.

Bugs Fixed
Chrome enum post module failed when extensions were not found (PR-6997) - The
post/windows/gather/enum_chrome module was returning a stack trace when the
browser was missing extensions. This fix adds better error handling for when
this case occurs.
The Payload Generator fails (MS-1678) - When building bind TCP payloads, the
Payload Generator would fail because the RHOST option was not being set. This
fix adds the RHOST option to the strong parameters.

Features and Enhancements
Download files from DarkComet (PR-6955) - Download arbitrary files from the
DarkComet C2 server by exploiting a known vulnerability in versions 3.2+.
Enumerate trusted locations for all Office applications (PR-6966) - This
post-exploitation module gathers and enumerates the trusted Microsoft Office
locations on a target host.
Improve the speed of NOP generation (PR-6970) - A new method called
make_fast_nops has been added to create large chunks of NOPs more quickly than
the make_nops method. The make_fast_nops method works faster, but creates less
random and less evasive chunks of NOPs.
Add missing rank check to msftidy (PR-6976) - A check for rank has been added
to msftidy. When you run msftidy and a rank has not been specified for a
module, a message informs you to explicitly add a rank value.
Exploit predictable transaction IDs in NetBIOS lookups (PR-6994) - Two modules
have been added to exploit NetBIOS lookups. They can be used to change the
addresses that the target machine resolves to. The first module continuously
spams NetBIOS responses to a target for a given hostname, which causes the
target to cache a malicious address for this name. The second module listens
for a NetBIOS name request and then continuously spams NetBIOS responses to a
target for a given hostname, which causes the target to cache a malicious
address for the hostname.
Create ZIP files more easily for modules (PR-6999) - An API call has been added
to make it more convenient and easier to generate a ZIP file. This eliminates
the need to learn how to make a direct REX call.
REX code clean up (PR-7005) - Portions of the REX code have been replaced with
gems to clean up the code base and enable each atomic part to be individually
maintained and tested.

Exploits Added
Apache Continuum Arbitrary Command Execution - Apache Continuum is an
enterprise-ready continuous integration server for popular build tools and
source control management systems. This exploit performs a simple command
injection through a POST parameter. Successful exploitation spawns a shell.
op5 v7.1.9 Configuration Command Execution - op5 is an open source network
monitoring software. This module exploits the configuration page in version
7.1.9 and below that allows the ability to test a system command. This
vulnerability can be exploited to run arbitrary code as an unprivileged user.
Tiki-Wiki CMS Calendar Command Execution - Tiki-Wiki CMS's calendar module
contains a remote code execution vulnerability within the viewmode GET
parameter. If the parameter is enabled, the default permissions are set to not
allow anonymous users access. Successful exploitation of this vulnerability
results in a session as an Apache user.
JSON Swagger CodeGen Parameter Injector - The Swagger API can be used to build
clients for RPC APIs. The Swagger CodeGen parameter injector module generates a
Swagger JSON file with embedded Metasploit payloads and enables you to
introduce arbitrary code for the language that the client is written in.
Currently, this module supports 4 languages for delivery: NodeJS, PHP, Ruby,
and Java.
ClamAV Remote Code Execution - This module takes advantage of a possible
misconfiguration in the ClamAV service on release 0.99.2, which allows you to
send commands to the service. If the service is tied to a socket, the ClamAV
service listens for commands on all addresses. This module connects to the
ClamAV service port and sends the proper commands for VERSION and SHUTDOWN.

-- 
You are receiving this mail because:
You are the assignee for the bug.
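The NetBIOS entry in the release notes above relies on a resolver caching responses it never asked for. The following detector is an added example, not code from the bug report, the FreeBSD port or Metasploit. It parses NBNS (UDP/137) datagrams and flags a sender that delivers repeated responses for one name without a matching outstanding query from the monitored host. The capture it runs over is constructed inline; the hostname and addresses in it are placeholders.

```python
"""NBNS response-spoofing detector (added example, not Metasploit code).

Signal: a well-behaved resolver only receives responses whose transaction
ID matches a query it sent. Responses with no matching outstanding query,
repeated for the same name from the same sender, are flagged."""
import struct
from collections import Counter, defaultdict

FLAG_RESPONSE = 0x8000   # R bit in the NBNS header flags word
RR_TYPE_NB = 0x0020      # NB resource record: NetBIOS name -> IPv4 address


def encode_nb_name(name, suffix=0x00):
    """First-level encoding (RFC 1001): 16-byte name, each byte split into
    two nibbles, each nibble mapped to 'A'..'P', wrapped as one 32-byte label."""
    raw = name.upper().ljust(15)[:15].encode("ascii") + bytes([suffix])
    encoded = bytearray()
    for b in raw:
        encoded.append(0x41 + (b >> 4))
        encoded.append(0x41 + (b & 0x0F))
    return bytes([0x20]) + bytes(encoded) + b"\x00"


def decode_nb_name(buf, off):
    """Inverse of encode_nb_name; returns (name, suffix, offset after name)."""
    if buf[off] != 0x20:
        raise ValueError("unexpected NetBIOS label length")
    enc = buf[off + 1:off + 33]
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(" "), raw[15], off + 34


def parse_nbns(datagram):
    """Parse header, question and answer sections of one NBNS datagram."""
    tid, flags, qdcount, ancount, _, _ = struct.unpack("!6H", datagram[:12])
    off, names, addrs = 12, [], []
    for _ in range(qdcount):
        name, _, off = decode_nb_name(datagram, off)
        off += 4                          # skip QTYPE and QCLASS
        names.append(name)
    for _ in range(ancount):
        name, _, off = decode_nb_name(datagram, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", datagram[off:off + 10])
        off += 10
        rdata = datagram[off:off + rdlen]
        off += rdlen
        names.append(name)
        if rtype == RR_TYPE_NB:           # RDATA: list of (NB_FLAGS, IPv4)
            for i in range(0, rdlen, 6):
                addrs.append(".".join(str(b) for b in rdata[i + 2:i + 6]))
    return {"tid": tid, "is_response": bool(flags & FLAG_RESPONSE),
            "names": names, "addrs": addrs}


def build_query(tid, name):
    """Constructed NB name query (flags: recursion desired + broadcast)."""
    header = struct.pack("!6H", tid, 0x0110, 1, 0, 0, 0)
    return header + encode_nb_name(name) + struct.pack("!HH", RR_TYPE_NB, 1)


def build_response(tid, name, ip, ttl=300000):
    """Constructed positive name query response carrying one IPv4 address."""
    header = struct.pack("!6H", tid, 0x8500, 0, 1, 0, 0)
    rdata = struct.pack("!H", 0) + bytes(int(o) for o in ip.split("."))
    rr = encode_nb_name(name) + struct.pack("!HHIH", RR_TYPE_NB, 1, ttl, len(rdata))
    return header + rr + rdata


def detect_spoofing(datagrams, our_ip, threshold=5):
    """datagrams: iterable of (source_ip, payload) seen on the monitored host.
    Queries sent by our_ip register an outstanding transaction ID; a response
    either consumes one or is counted as unsolicited for the names it carries."""
    outstanding, unsolicited, advertised = set(), Counter(), defaultdict(set)
    for src, payload in datagrams:
        pkt = parse_nbns(payload)
        if not pkt["is_response"]:
            if src == our_ip:
                outstanding.add(pkt["tid"])
            continue
        if pkt["tid"] in outstanding:
            outstanding.discard(pkt["tid"])   # legitimate, matched reply
            continue
        for name in pkt["names"]:
            unsolicited[(src, name)] += 1
            advertised[(src, name)].update(pkt["addrs"])
    return [{"source": src, "name": name, "unsolicited_responses": n,
             "advertised": sorted(advertised[(src, name)])}
            for (src, name), n in unsolicited.items() if n >= threshold]


def sample_traffic():
    """Constructed capture: one genuine exchange, then a burst of unmatched
    responses from a second host using sequential (predictable) transaction IDs."""
    traffic = [("10.0.0.10", build_query(0x1234, "FILESRV")),
               ("10.0.0.5", build_response(0x1234, "FILESRV", "10.0.0.5"))]
    traffic += [("10.0.0.66", build_response(0x1235 + i, "FILESRV", "10.0.0.66"))
                for i in range(6)]
    return traffic


if __name__ == "__main__":
    for alert in detect_spoofing(sample_traffic(), our_ip="10.0.0.10"):
        print(alert)
```

Fed real traffic (for instance UDP/137 payloads pulled from a capture on a workstation), the same function reports which sender is pushing unsolicited answers and which address it is trying to get cached, which is the evidence an incident responder needs before blocking the host.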
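The ClamAV entry above describes a clamd that, when configured with a TCP socket, accepts control commands on every address. The audit below is an added example, not code from the bug report, the FreeBSD port or the ClamAV project. It assumes the clamd.conf format of one `Option value` per line with `#` comments, and that `TCPSocket` without a `TCPAddr` binds to all interfaces (clamd's documented default); the sample configurations are constructed.

```python
"""clamd.conf exposure audit (added example, not ClamAV or port code).

Checks whether clamd's control port (VERSION, SHUTDOWN, ...) is reachable
from the network: TCPSocket set with TCPAddr missing or a wildcard address."""

WILDCARD_ADDRS = {"", "0.0.0.0", "::"}
LOOPBACK_ADDRS = {"127.0.0.1", "::1"}

# Constructed sample configurations for the demonstration.
EXPOSED_CONF = """\
# clamd.conf - constructed sample
LogFile /var/log/clamd.log
TCPSocket 3310          # no TCPAddr: binds to every interface
"""

HARDENED_CONF = """\
LogFile /var/log/clamd.log
TCPSocket 3310
TCPAddr 127.0.0.1
"""

LOCAL_ONLY_CONF = """\
LocalSocket /var/run/clamav/clamd.sock
"""


def parse_clamd_conf(text):
    """Return {option: [value, ...]}; options such as TCPAddr may repeat."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # strip comments and blanks
        if not line:
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(parts[0], []).append(value)
    return conf


def audit_clamd_conf(text):
    """Return a list of (severity, message) findings for one clamd.conf."""
    conf = parse_clamd_conf(text)
    findings = []
    if "TCPSocket" not in conf:
        return findings          # no TCP listener: not reachable over the network
    port = conf["TCPSocket"][0]
    addrs = conf.get("TCPAddr", [])
    if not addrs or any(a in WILDCARD_ADDRS for a in addrs):
        findings.append(("HIGH",
                         f"TCPSocket {port} with TCPAddr missing or wildcard: "
                         "control commands (VERSION, SHUTDOWN) reachable from any host; "
                         "set TCPAddr to a loopback or internal address"))
    elif all(a in LOOPBACK_ADDRS for a in addrs):
        findings.append(("OK", f"TCPSocket {port} bound to loopback only"))
    else:
        findings.append(("MEDIUM",
                         f"TCPSocket {port} bound to {', '.join(addrs)}: confirm a host "
                         "firewall limits which clients may reach the control port"))
    return findings


if __name__ == "__main__":
    for label, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF),
                        ("local-only", LOCAL_ONLY_CONF)):
        print(label, audit_clamd_conf(conf))
```

Point `audit_clamd_conf` at the contents of a host's real clamd.conf to get the same three-way verdict; a "HIGH" result is the configuration state the module in the release notes looks for.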
