This update includes 10 new modules, including exploits for D-Link devices, HP StorageWorks, HP System Management Homepage, OpenX, Ruby on Rails, Squash, Firefox and Open-FTPD. It also includes a new post module for Windows.
In addition, this update fixes 1 issue.
- D-Link Devices Unauthenticated Remote Command Execution by juan vazquez and Michael Messner exploits OSVDB-89861
- D-Link Devices Authenticated Remote Command Execution by juan vazquez and Michael Messner exploits OSVDB-92698
- HP StorageWorks P4000 Virtual SAN Appliance Login Buffer Overflow by juan vazquez and e6af8de8b1d4b2b6d5ba2610cbf9cd38 exploits ZDI-13-179
- HP System Management Homepage JustGetSNMPQueue Command Injection by sinn3r and Markus Wulftange exploits CVE-2013-3576
- OpenX Backdoor PHP Code Execution by egyp7 and Unknown exploits CVE-2013-4211
- Ruby on Rails Known Secret Session Cookie Remote Code Execution by joernchen of Phenoelit
- Squash YAML Code Execution by Charlie Eriksen exploits CVE-2013-5036
- Firefox onreadystatechange Event DocumentViewerImpl Use After Free by sinn3r, juan vazquez, Nils, Unknown, and w3bd3vil exploits CVE-2013-1690
- Open-FTPD 1.2 Arbitrary File Upload by Brendan Coles and Serge Gorbunov exploits CVE-2010-2620
Auxiliary and post modules
- Windows Gather DNS Cache by Borja Merino
Notable Changes and Resolved Issues
- Fix task exception when running firewall egress and passive discovery MetaModules
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.7.0 updates to 4.7.0-2013081401
MSF3 4.7.0 updates to 4.7.0-2013081401