This update includes sixteen new modules, including exploits for Aladdin Knowledge System, EMC Networker, HP Intelligent Management Center UAM, Microsoft WinRM, Bitweaver, Concrete5, NTP, Digi ADDP, and Digi RealPort.
In addition, this update fixes two reported issues.
Update: This update now also includes four 0day exploits for Novell File Reporter. They are discussed on Juan Vazquez's blog post.
- Aladdin Knowledge System Ltd ChooseFilePath Buffer Overflow by sinn3r, juan vazquez, b33f, and shinnai exploits OSVDB-86723
- EMC Networker Format String by juan vazquez, Aaron Portnoy, and Luigi Auriemma exploits CVE-2012-2288
- HP Intelligent Management Center UAM Buffer Overflow by sinn3r, juan vazquez, and e6af8de8b1d4b2b6d5ba2610cbf9cd38 exploits ZDI-12-171
- WinRM VBS Remote Code Execution by thelightcosine
Auxiliary and Post modules
- Multi Gather pgpass Credentials by Zach Grace
- Windows Manage Process Migration by thelightcosine
- Bitweaver overlay_type Directory Traversal by sinn3r, David Aaron, and Jonathan Claudius exploits CVE-2012-5192
- Concrete5 Member List Enumeration by Chris John Riley
- NTP Clock Variables Disclosure by Ewerson Guimaraes(Crash)
- Digi ADDP Remote Reboot Initiator by hdm
- Digi ADDP Information Discovery by hdm
- Digi RealPort Serial Server Port Scanner by hdm
- Digi RealPort Serial Server Version by hdm
- WinRM Command Runner by thelightcosine
- WinRM WQL Query Runner by thelightcosine
7037 : Fixed persistent "can't add a new key into hash during iteration" error with module reloads
7378 : Fixed a missing require for Msf::Exploit::PhpEXE
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.4.0 updates to 2012111401
MSF3 4.4.0 updates to 2012111401