This update adds 6 new modules: exploits for MiniUPnPd, Apache Struts, Oracle and Lianja SQL, plus new modules for Memcached and CouchDB.
In addition, this update fixes 5 issues.
Exploit modules
- MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution by hdm and Dejan Lukan exploits CVE-2013-0230
- Apache Struts includeParams Remote Code Execution by Douglas Rodrigues, Eric Kobrin, and Richard Hicks exploits CVE-2013-1966
- Oracle WebCenter Content CheckOutAndOpen.dll ActiveX Remote Code Execution by juan vazquez and rgod exploits ZDI-13-094
- Lianja SQL 1.0.0RC5.1 db_netserver Stack Buffer Overflow by Spencer McIntyre exploits CVE-2013-3563
Auxiliary and post modules
- Memcached Remote Denial of Service by Gregory Man exploits CVE-2011-4971
- CouchDB Login Utility by espreto
Notable Changes and Resolved Issues
- 7674 - Add 64-bit reverse_http and reverse_https payloads
- 7689 - Fix issue that caused some CVE searches to not return correct values
- Fix hosts page to correctly show all entries
- Fix an issue that prevented tagging hosts
How to Upgrade
To upgrade Metasploit Pro, open the Administration menu and choose the Software Upgrade option. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.6.2 updates to 4.6.2-2013060501
MSF3 4.6.2 updates to 4.6.2-2013060501