This special update contains three new exploit modules for high visibility exploits. In addition, two modules were expanded to include coverage for CVE-2014-6278 (partial patch bug): Apache mod_cgi Bash Environment Variable Code Injection Exploit, Apache mod_cgi Bash Environment Variable RCE Scanner.
- Pure-FTPd External Authentication Bash Environment Variable Code Injection by Frank Denis, Spencer McIntyre, and Stephane Chazelas exploits CVE-2014-6271
- ManageEngine OpManager and Social IT Arbitrary File Upload by Pedro Ribeiro exploits CVE-2014-6034
- PXE Exploit Server by scriptjunkie
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Updates. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.10.0 updates to 4.10.0-2014100201
MSF3 4.10.0 updates to 4.10.0-2014100201