This weekly update contains three new exploit modules and six new auxiliary and post-exploitation modules.
- CUPS Filter Bash Environment Variable Code Injection by Brendan Coles, Stephane Chazelas, and lcamtuf exploits CVE-2014-6278
- X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution by Fernando Munoz and Juan Escobar
- Xerox Multifunction Printers (MFP) "Patch" DLM Vulnerability by Deral "Percentx" Heiland and Pete "Bokojan" Arzamendi exploits BID-52483
Auxiliary and Post-Exploitation Modules
- Android Open Source Platform (AOSP) Browser UXSS by Rafay Baloch and joev
- Xerox Administrator Console Password Extractor by Deral "Percentx" Heiland and Pete "Bokojan" Arzamendi
- Xerox Workcentre 5735 LDAP Service Redential Extractor by Deral "Percentx" Heiland and Pete "Bokojan" Arzamendi
- Buffalo NAS Login Utility by Nicholas Starke
- tnftp "savefile" Arbitrary Command Execution by Jared McNeill and wvu exploits CVE-2014-8517
- GNU Wget FTP Symlink Arbitrary Filesystem Access by hdm exploits CVE-2014-4877
Notable Fixes and Changes
- #3725: Fixed slow startup time for msfconsole via #4084
- #3770: Fixed stage encoding to be SaveRegister aware
- #4050: Added CUPS Shellshock exploit (usually local-only though)
- #4064: Added a new local privilege escalation exploit for nearly all Windows platforms
- #4080: TCP and TCPServer now use TLSv1 by default
- #4084: Landed compatibility fixes for Ruby 1.9.3 and 2.1.4
- #4086: FTP Server mixin can now use a configurable PASV port
- #4093: Added another Shellshock vector for CUPS exploit
- #4099: Added wiki docs on the Tcp mixin for exploit devs
- #4107: Updated default Ruby to 1.9.3-p550
- Pro - Cracking an NTLM hash no longer results in the "NameError undefined local variable or method core" error. NTLM hashes are now successfully cracked and stored in the project.
- Pro - Running auto-exploitation no longer results in a license key error on Nexpose Ultimate. Auto-exploitation will now successfully complete.
- Pro - Report options will display properly for Wizards.
Ruby 1.9.3 will reach end of life by February 2015, so the upgrade to Ruby 2.1 is coming up soon. For more information on the Ruby 2.1 upgrade and to see how it affects you, see Tod Beardsley's awesome post "Metasploit Weekly Wrapup: New Rubies!"
How to Upgrade
To upgrade Metasploit Pro, go to the Administration menu and choose the Software Updates option. To see how to upgrade your Metasploit installation, view this video.
PRO 4.10.0 updates to 4.10.1-2014111001
MSF3 4.10.0 updates to 4.10.1-2014111001