This special update contains 2 new exploit modules and 1 auxiliary module, all of which take advantage of CVE-2014-6271.
- Apache mod_cgi Bash Environment Variable Code Injection by juan vazquez, Stephane Chazelas, and wvu exploits CVE-2014-6271
- Dhclient Bash Environment Variable Injection by egyp7 and Stephane Chazelas exploits CVE-2014-6271
Auxiliary and post modules
- DHCP Client Bash Environment Variable Code Injection by Ramon de C Valle, Stephane Chazelas, apconole, and scriptjunkie exploits CVE-2014-6271
How to Upgrade
Metasploit Pro is upgraded using the Administration menu and choosing the option Software Updates. To see how to upgrade your Metasploit installation, view this video in the Rapid7 Community.
PRO 4.10.0 updates to 4.10.0-2014092602
MSF3 4.10.0 updates to 4.10.0-2014092602