This special update contains 4 new exploit modules and 3 auxiliary/post modules, some of which take advantage of the Bash vulnerability documented in CVE-2014-6271.
Exploit modules
- OS X VMWare Fusion Privilege Escalation via Bash Environment Code Injection by Stephane Chazelas, joev, juken, and mubix exploits CVE-2014-6271
- GetSimpleCMS PHP File Upload Vulnerability by Ahmed Elhady Mohamed exploits OSVDB-93034
- Advantech WebAccess dvs.ocx GetColor Buffer Overflow by juan vazquez and Unknown exploits ZDI-14-255
- EMC AlphaStor Device Manager Opcode 0x75 Command Injection by juan vazquez, Anyway, Brent Morris, Mohsan Farid, and Preston Thornburn exploits ZDI-13-033
Auxiliary and post modules
- AlienVault Authenticated SQL Injection Arbitrary File Read by Chris Hebert exploits OSVDB-106815
- UDP Empty Prober by Jon Hart
- Apache mod_cgi Bash Environment Variable Code Injection by Stephane Chazelas and wvu exploits CVE-2014-6271
How to Upgrade
Metasploit Pro is upgraded from the Administration menu by choosing the Software Updates option. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.10.0 updates to 4.10.0-2014092501
MSF3 4.10.0 updates to 4.10.0-2014092501