This update adds 7 new modules, including exploits for Dovecot, Java, Synactis PDF and Novell Zenworks. It also contains new modules for MiniUPnPd, Novell Zenworks and SevOne.
In addition, this update fixes 5 issues.
- Exim and Dovecot Insecure Configuration Command Injection by juan vazquez, Unknown, and eKKiM exploits OSVDB-93004
- Java Applet Driver Manager Privileged toString() Remote Code Execution by juan vazquez and James Forshaw exploits ZDI-13-076
- Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow by sinn3r and h1ch4m exploits OSVDB-93754
- Novell Zenworks Mobile Managment MDM.php Local File Inclusion Vulnerability by Andrea Micalizzi (aka rgod) and steponequit exploits ZDI-13-087
Auxiliary and post modules
- MiniUPnPd 1.4 Denial of Service (DoS) Exploit by hdm and Dejan Lukan exploits CVE-2013-0229
- Novell Zenworks Mobile Device Managment Admin Credentials by Andrea Micalizzi (aka rgod) and steponequit exploits CVE-2013-1081
- SevOne Network Performance Management Application Brute Force Login Utility by Karn Ganeshen
Notable Changes and Resolved Issues
- 7278, 7945 - Improvements to auxiliary/scanner/smtp/smtp_enum
- 7965 - Add sorting support to cmd_notes
- 8012 - Fix trusted_service_path exploit to work on more Windows versions
- Add domain setting to web scans and the Web App Test wizard
How to Upgrade
Metasploit Pro is upgraded from the Administration menu by choosing the Software Upgrade option. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.6.2 updates to 4.6.2-2013061201
MSF3 4.6.2 updates to 4.6.2-2013061201