This update includes 14 new modules, including exploits for Mutiny, Apache Struts, Cool PDF, KingView, Sami FTP Server, HP Intelligent Management Center and ActFax. It also includes new modules for Axigen, DLink DIR645, Linksys E1500/E2500, Netgear SPH200D, TP-Link Wireless Lite N Access Point and Linux.
In addition, this update fixes 3 issues.
- Mutiny Remote Command Execution by juan vazquez and Christopher Campbell exploits CVE-2012-3001
- Apache Struts ParametersInterceptor Remote Code Execution by Meder Kydyraliev, Richard Hicks, and mihi exploits CVE-2011-3923
- Cool PDF Image Stream Buffer Overflow by juan vazquez, Chris Gabriel, and Francis Provencher exploits CVE-2012-4914
- KingView Log File Parsing Buffer Overflow by juan vazquez, Carlos Mario Penagos Hollman, and Lucas Apa exploits CVE-2012-4711
- Sami FTP Server LIST Command Buffer Overflow by Doug Prostko and superkojiman exploits OSVDB-90815
- HP Intelligent Management Center Arbitrary File Upload by juan vazquez and rgod exploits ZDI-13-050
- ActFax 5.01 RAW Server Buffer Overflow by juan vazquez, Craig Freyman, and corelanc0d3r exploits OSVDB-89944
Auxiliary and post modules
- Axigen Arbitrary File Read and Delete by juan vazquez and Zhao Liang exploits CVE-2012-4940
- DLink DIR 645 Password Extractor by Michael Messner and Roberto Paleari exploits OSVDB-90733
- Linksys E1500/E2500 Remote Command Execution by m-1-k-3 exploits OSVDB-89912
- Linksys E1500 Directory Traversal Vulnerability by m-1-k-3 exploits OSVDB-89911
- Netgear SPH200D Directory Traversal Vulnerability by m-1-k-3 exploits BID-57660
- TP-Link Wireless Lite N Access Point Directory Traversal Vulnerability by m-1-k-3 exploits CVE-2012-5687
- Linux Manage Download and Exececute by Joshua D. Abraham
- Fix error when accessing the Task Chains page
- 7523 - Fix browser autopwn to execute reliable noscript exploits before unreliable JS exploits
- 7829 - Use correct version in msfconsole
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.5.3 updates to 4.5.3-2013032701
MSF3 4.5.3 updates to 4.5.3-2013032701