This updates Metasploit to 4.9.3.
This addresses CVE-2014-0224 (OpenSSL SSL/TLS MITM vulnerability). All components have been recompiled with non-vulnerable versions of OpenSSL, including:
- Nginx - OpenSSL 1.0.1h
- Nmap - OpenSSL 1.0.1h
- PostgreSQL - OpenSSL 1.0.1h
- Ruby - OpenSSL 1.0.1h on Linux, OpenSSL 1.0.0m on Windows
- Meterpreter Windows - OpenSSL 0.9.8za
This update does not contain any new modules, features or bugfixes since the last weekly release.
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Upgrade. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.9.2 updates to 4.9.3-2014060501
MSF3 4.9.2 updates to 4.9.3-2014060501