From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 210950] Port Maintainer Update of security/metasploit to 4.12.12
Date: Sat, 09 Jul 2016 22:39:55 +0000
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210950

Bug ID: 210950
Summary: Port Maintainer Update of security/metasploit to 4.12.12
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs@FreeBSD.org
Reporter: tanawts@gmail.com

Created attachment 172295
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=172295&action=edit
Update for Metasploit 4.12.12

Update to Metasploit 4.12.12

Highlights

The Windows Gather Microsoft Office Trusted Locations module: Enumerate trusted Microsoft Office locations on the target host.

ClamAV remote code execution: Take advantage of a misconfiguration in ClamAV, an open source antivirus engine, to send commands to shut down and view the version for the service.

The Swagger CodeGen Parameter Injector: Generate a Swagger JSON file with embedded Metasploit payloads to introduce arbitrary code to the client.

Bugs Fixed

Chrome enum post module failed when extensions were not found (PR-6997) - The post/windows/gather/enum_chrome module was returning a stack trace when the browser was missing extensions. This fix adds better error handling for when this case occurs.

The Payload Generator fails (MS-1678) - When building bind TCP payloads, the Payload Generator would fail because the RHOST option was not being set. This fix adds the RHOST option to the strong parameters.

Features and Enhancements

Download files from DarkComet (PR-6955) - Download arbitrary files from the DarkComet C2 server by exploiting a known vulnerability in versions 3.2+.

Enumerate trusted locations for all Office applications (PR-6966) - This post-exploitation module gathers and enumerates the trusted Microsoft Office locations on a target host.

Improve the speed of NOP generation (PR-6970) - A new method called make_fast_nops has been added to create large chunks of NOPs more quickly than the make_nops method. The make_fast_nops method works faster, but creates less random and less evasive chunks of NOPs.

Add missing rank check to msftidy (PR-6976) - A check for rank has been added to msftidy. When you run msftidy and a rank has not been specified for a module, a message informs you to explicitly add a rank value.

Exploit predictable transaction IDs in NetBIOS lookups (PR-6994) - Two modules have been added to exploit NetBIOS lookups. They can be used to change the addresses that the target machine resolves to. The first module continuously spams NetBIOS responses to a target for a given hostname, which causes the target to cache a malicious address for this name. The second module listens for a NetBIOS name request and then continuously spams NetBIOS responses to a target for the given hostname, which causes the target to cache a malicious address for the hostname.

Create ZIP files more easily for modules (PR-6999) - An API call has been added to make it more convenient and easier to generate a ZIP file. This eliminates the need to learn how to make a direct REX call.

REX code clean up (PR-7005) - Portions of the REX code have been replaced with gems to clean up the code base and enable each atomic part to be individually maintained and tested.

Exploits Added

Apache Continuum Arbitrary Command Execution - Apache Continuum is an enterprise-ready continuous integration server for popular build tools and source control management systems. This exploit performs a simple command injection through a POST parameter. Successful exploitation spawns a shell.

op5 v7.1.9 Configuration Command Execution - op5 is an open source network monitoring software. This module exploits the configuration page in version 7.1.9 and below that allows the ability to test a system command. This vulnerability can be exploited to run arbitrary code as an unprivileged user.

Tiki-Wiki CMS Calendar Command Execution - Tiki-Wiki CMS's calendar module contains a remote code execution vulnerability within the viewmode GET parameter. If the parameter is enabled, the default permissions are set to not allow anonymous users access. Successful exploitation of this vulnerability results in a session as an Apache user.

JSON Swagger CodeGen Parameter Injector - The Swagger API can be used to build clients for RPC APIs. The Swagger CodeGen parameter injector module generates a Swagger JSON file with embedded Metasploit payloads and enables you to introduce arbitrary code for the language that the client is written in. Currently, this module supports 4 languages for delivery: NodeJS, PHP, Ruby, and Java.

ClamAV Remote Code Execution - This module takes advantage of a possible misconfiguration in the ClamAV service on release 0.99.2, which allows you to send commands to the service. If the service is tied to a socket, the ClamAV service listens for commands on all addresses. This module connects to the ClamAV service port and sends the proper commands for VERSION and SHUTDOWN.
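The NetBIOS name-response flooding described under PR-6994 above, seen from the defender's side: an added example (not Metasploit code or the port's) that parses RFC 1002 name-query responses and flags answers this host never asked for, plus any name pushed under many distinct transaction IDs. The packet layout follows RFC 1002; the capture, the addresses and the threshold of three are constructed assumptions.

```python
# Detector for the NBNS answer flooding in the PR-6994 entry (added example, not
# Metasploit code): unrequested answers under many guessed transaction IDs.
import struct
from collections import defaultdict
def encode_nb_name(name):
    # RFC 1002 first-level encoding: 15-char padded name + suffix byte, each byte
    # written as two nibble letters 'A'..'P', wrapped in a 0x20 length and a 0.
    raw = name.upper().ljust(15)[:15].encode() + b"\x00"
    return b"\x20" + b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0xF)]) for b in raw) + b"\x00"

def decode_nb_name(enc):
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(1, 33, 2))
    return raw[:15].decode().rstrip()

def build_nb_response(txid, name, addr):
    # Positive NAME QUERY RESPONSE: header (R=1, AA, RD, ANCOUNT=1), one answer RR
    # of type NB (0x20) class IN, RDATA = NB_FLAGS + IPv4 address.
    hdr = struct.pack("!HHHHHH", txid, 0x8500, 0, 1, 0, 0)
    rdata = struct.pack("!H4B", 0, *map(int, addr.split(".")))
    return hdr + encode_nb_name(name) + struct.pack("!HHIH", 0x20, 1, 300000, len(rdata)) + rdata

def parse_nb_response(pkt):
    # Returns (txid, name, addr) for a one-answer NB response, else None.
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    if not flags & 0x8000 or an < 1:
        return None
    rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", pkt[46:56])
    if rtype != 0x20 or rdlen < 6:
        return None
    return txid, decode_nb_name(pkt[12:46]), ".".join(str(b) for b in pkt[58:62])

def find_poisoning(packets, outstanding, threshold=3):
    # packets: (src_ip, raw_bytes) seen on UDP/137; outstanding: (txid, name) of
    # queries this host really sent. Returns answers nobody asked for, and the
    # (name, addr) pairs pushed under more than `threshold` distinct IDs.
    unsolicited, ids_per_answer = [], defaultdict(set)
    for src, pkt in packets:
        parsed = parse_nb_response(pkt)
        if parsed is None:
            continue
        txid, name, addr = parsed
        if (txid, name) not in outstanding:
            unsolicited.append((src, txid, name, addr))
        ids_per_answer[(name, addr)].add(txid)
    floods = sorted(k for k, ids in ids_per_answer.items() if len(ids) > threshold)
    return unsolicited, floods

# Constructed capture: one real answer to our query 0x1234, then a burst of guessed IDs.
SAMPLE = [("10.0.0.5", build_nb_response(0x1234, "FILESRV", "10.0.0.5"))] + [
    ("10.0.0.66", build_nb_response(t, "FILESRV", "10.0.0.66")) for t in range(0x1000, 0x1006)]
```

On a real sensor the `outstanding` set is filled from the host's own outgoing queries, and the flood check works even if the unsolicited check cannot, because the attacker's guessed ID eventually collides with a legitimate one.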
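For the ClamAV entry above, an added example (not ClamAV's or Metasploit's code) that audits a clamd.conf for the misconfiguration described: a TCPSocket with no TCPAddr, which makes clamd bind every interface and accept unauthenticated commands, shown against the corrected loopback-only setting. The two configs are constructed; the LOOPBACK set and the stock-template "Example" check are assumptions drawn from the layout of the shipped clamd.conf.

```python
# Audit of clamd.conf for the exposure in the ClamAV entry (added example, not
# ClamAV or Metasploit code): with TCPSocket set and no TCPAddr, clamd 0.99.x
# binds INADDR_ANY and accepts unauthenticated commands (VERSION, SHUTDOWN, ...)
# from any host that can reach the port.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_clamd_conf(text):
    # clamd.conf is one 'Directive value' per line; '#' begins a comment.
    # Every value of a repeated directive is kept, in case TCPAddr appears twice.
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        conf.setdefault(key, []).append(value.strip())
    return conf

def assess_clamd(conf):
    # Returns a list of findings; an empty list means the command port is not exposed.
    if "Example" in conf:
        return ["stock template still contains 'Example'; clamd refuses to start"]
    if "TCPSocket" not in conf:
        return []                      # LocalSocket only: reachable just from this host
    port = conf["TCPSocket"][0]
    addrs = conf.get("TCPAddr", [])
    findings = []
    if not addrs or any(a in ("0.0.0.0", "::") for a in addrs):
        findings.append("TCPSocket %s listens on all interfaces (TCPAddr unset or wildcard)" % port)
    else:
        for a in addrs:
            if a not in LOOPBACK:
                findings.append("TCPSocket %s reachable on non-loopback address %s" % (port, a))
    return findings

# Constructed configs: the weak one exposes the command port network-wide,
# the corrected one keeps it on loopback.
WEAK_CONF = """LogFile /var/log/clamav/clamd.log
LocalSocket /var/run/clamav/clamd.sock
TCPSocket 3310
# TCPAddr 127.0.0.1
"""
HARDENED_CONF = """LogFile /var/log/clamav/clamd.log
LocalSocket /var/run/clamav/clamd.sock
TCPSocket 3310
TCPAddr 127.0.0.1
"""
```

Where the TCP listener must serve other hosts, the remaining control is a host or network firewall rule limiting who can reach the port, since the clamd command protocol itself carries no authentication.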