[Bug 210950] Port Maintainer Update of security/metasploit to 4.12.12

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sat Jul 9 22:39:56 UTC 2016


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210950

            Bug ID: 210950
           Summary: Port Maintainer Update of security/metasploit to
                    4.12.12
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs at FreeBSD.org
          Reporter: tanawts at gmail.com

Created attachment 172295
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=172295&action=edit
Update for Metasploit 4.12.12

Update to Metasploit 4.12.12

Highlights
The Windows Gather Microsoft Office Trusted Locations module: Enumerate trusted
Microsoft Office locations on the target host.
ClamAV remote code execution: Take advantage of a misconfiguration in ClamAV,
an open source antivirus engine, to send commands to shut down and view the
version for the service.
The Swagger CodeGen Parameter Injector: Generate a Swagger JSON file with
embedded Metasploit payloads to introduce arbitrary code to the client.

Bugs Fixed
Chrome enum post module failed when extensions were not found (PR-6997) - The
post/windows/gather/enum_chrome module was returning a stack trace when the
browser was missing extensions. This fix adds better error handling for when
this case occurs.
The Payload Generator fails (MS-1678) - When building bind TCP payloads, the
Payload Generator would fail because the RHOST option was not being set. This
fix adds the RHOST option to the strong parameters.

Features and Enhancements
Download files from DarkComet (PR-6955) - Download arbitrary files from the
DarkComet C2 server by exploiting a known vulnerability in versions 3.2+.
Enumerate trusted locations for all Office applications (PR-6966) - This
post-exploitation module gathers and enumerates the trusted Microsoft Office
locations on a target host.
Improve the speed of NOP generation (PR-6970) - A new method called
make_fast_nops has been added to create large chunks of NOPs more quickly than
the make_nops method. The make_fast_nops method works faster, but creates less
random and less evasive chunks of NOPs.
Add missing rank check to msftidy (PR-6976) - A check for rank has been added
to msftidy. When you run msftidy and a rank has not been specified for a
module, a message informs you to explicitly add a rank value.
Exploit predictable transaction IDs in NetBIOS lookups (PR-6994) - Two modules
have been added to exploit NetBIOS lookups. They can be used to change the
addresses that the target machine resolves to. The first module continuously
spams NetBIOS responses to a target for a given hostname, which causes the target
to cache a malicious address for this name. The second module listens for a
NetBIOS name request and then continuously spams NetBIOS responses to a target
for a given hostname, which causes the target to cache a malicious address for
the hostname.
Create ZIP files more easily for modules (PR-6999) - An API call has been added
to make it more convenient and easier to generate a ZIP file. This eliminates
the need to learn how to make a direct REX call.
REX code clean up (PR-7005) - Portions of the REX code have been replaced with
gems to clean up the code base and enable each atomic part to be individually
maintained and tested.

Exploits Added
Apache Continuum Arbitrary Command Execution - Apache Continuum is an
enterprise-ready continuous integration server for popular build tools and
source control management systems. This exploit performs a simple command
injection through a POST parameter. Successful exploitation spawns a shell.
op5 v7.1.9 Configuration Command Execution - op5 is an open source network
monitoring software. This module exploits the configuration page in version
7.1.9 and below that allows the ability to test a system command. This
vulnerability can be exploited to run arbitrary code as an unprivileged user.
Tiki-Wiki CMS Calendar Command Execution - Tiki-Wiki CMS's calendar module
contains a remote code execution vulnerability within the viewmode GET
parameter. If the parameter is enabled, the default permissions are set to not
allow anonymous users access. Successful exploitation of this vulnerability
results in a session as an Apache user.
JSON Swagger CodeGen Parameter Injector - The Swagger API can be used to build
clients for RPC APIs. The Swagger CodeGen parameter injector module generates a
Swagger JSON file with embedded Metasploit payloads and enables you to
introduce arbitrary code for the language that the client is written in.
Currently, this module supports 4 languages for delivery: NodeJS, PHP, Ruby,
and Java.
ClamAV Remote Code Execution - This module takes advantage of a possible
misconfiguration in the ClamAV service on release 0.99.2, which allows you to
send commands to the service. If the service is tied to a socket, the ClamAV
service listens for commands on all addresses. This module connects to the
ClamAV service port and sends the proper commands for VERSION and SHUTDOWN.

-- 
You are receiving this mail because:
You are the assignee for the bug.
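The ClamAV entry above turns on a configuration detail: when clamd is given a TCPSocket and no TCPAddr, it listens on all addresses and will honour unauthenticated VERSION and SHUTDOWN commands from anyone who can reach the port. The following audit script is an added example (not code from this bug report, the FreeBSD port, or the Metasploit project) that parses a clamd.conf-style file and flags that exposure, contrasting a constructed exposed config with a constructed hardened one. It assumes the standard clamd.conf directive names TCPSocket, TCPAddr and LocalSocket and the "Directive value" one-per-line format; the sample configs and file contents are constructed for this example.

```python
"""Audit a clamd.conf for a TCP command listener bound to all addresses.

Added example, not from the bug report or Metasploit. The check encodes the
condition the release notes describe: TCPSocket set, TCPAddr absent (clamd then
binds every address) or set to a non-loopback address.
"""
import ipaddress


def parse_clamd_conf(text):
    """Return {directive: [values]} from clamd.conf text.

    Lines are 'Directive value'; '#' starts a comment; blank lines are ignored.
    Repeated directives keep every value, in file order.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, []).append(value)
    return conf


def audit_clamd_conf(text):
    """Return a list of finding strings; an empty list means no exposed TCP listener."""
    conf = parse_clamd_conf(text)
    findings = []
    if "TCPSocket" not in conf:
        return findings  # only a LocalSocket (or nothing) is configured: no TCP exposure
    port = conf["TCPSocket"][-1]
    addrs = conf.get("TCPAddr", [])
    if not addrs:
        findings.append(
            f"TCPSocket {port} with no TCPAddr: clamd listens on all addresses; "
            "add 'TCPAddr 127.0.0.1' or use LocalSocket only"
        )
        return findings
    for addr in addrs:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"TCPAddr {addr!r} is not an IP literal; verify what it binds")
            continue
        if ip.is_unspecified:
            findings.append(f"TCPAddr {addr} binds all addresses on port {port}")
        elif not ip.is_loopback:
            findings.append(f"TCPAddr {addr} exposes port {port} beyond loopback")
    return findings


# Constructed sample configs (not real files from any host).
EXPOSED_CONF = """\
# constructed: TCP listener with no bind address
LogFile /var/log/clamav/clamd.log
TCPSocket 3310
"""

HARDENED_CONF = """\
# constructed: local socket for scanners, TCP only on loopback
LocalSocket /var/run/clamav/clamd.sock
TCPSocket 3310   # kept for a local client that only speaks TCP
TCPAddr 127.0.0.1
"""

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_clamd_conf(conf) or ["ok"])
```

The audit deliberately treats an unparseable TCPAddr as a finding rather than silently passing it, since a hostname there resolves at startup and the bound address is not visible from the file alone. Pairing the check with a network-side confirmation (listing what clamd actually binds on the host) closes the gap between configuration and runtime.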


More information about the freebsd-ports-bugs mailing list