This update includes 13 new modules, including exploits for Red Hat CloudForms, Synology DiskStation, Firefox, HP SiteScope, OpenSIS, Zimbra, and RealPlayer. It also contains new modules for Red Hat CloudForms, DNS, Chargen, Poison Ivy and OSX.
In addition, this update fixes 5 issues.
- Red Hat CloudForms Management Engine 5.1 agent/linuxpkgs Path Traversal by Ramon de C Valle exploits CVE-2013-2068
- Synology DiskStation Manager SLICEUPLOAD Remote Command Execution by Markus Wulftange exploits CVE-2013-6955
- Firefox 5.0 - 15.0.1 __exposedProps__ XCS Code Execution by Mariusz Mlynski, joev, and moz_bug_r_a4 exploits CVE-2013-1710
- HP SiteScope issueSiebelCmd Remote Code Execution by juan vazquez and rgod exploits ZDI-13-263
- OpenSIS 'modname' PHP Code Execution by Brendan Coles and EgiX exploits CVE-2013-1349
- Zimbra Collaboration Server LFI by Mekanismen and rubina119 exploits CVE-2013-7091
- RealNetworks RealPlayer Version Attribute Buffer Overflow by Gabor Seljan exploits CVE-2013-6877
Auxiliary and post modules
- Red Hat CloudForms Management Engine 5.1 miq_policy/explorer SQL Injection by Ramon de C Valle exploits CVE-2013-2050
- DNS Non-Recursive Record Scraper by Brandon McCann "zeknox" and Rob Dixon "304geek"
- Chargen Probe Utility by Matteo Cantoni exploits CVE-1999-0103
- Poison Ivy Command and Control Scanner by SeawolfRN
- OSX Gather Autologin Password as Root by joev
- OSX Gather Safari LastSession.plist by sinn3r
Notable Changes and Resolved Issues
- 8716 - Directory error when upgrading command shell to meterpreter
- 8717 - War file with spaces in path fails
- 8719 - msfcli does not initialize post modules
- Fix problem that caused upgrade issues when task chains exist
- Fix issue with failing browser_autopwn and other http exploits
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.8.2 updates to 4.8.2-2014010101
MSF3 4.8.2 updates to 4.8.2-2014010101