Metasploit Framework 3.5.2 Released!

Monday, 23 May 2011


Originally Posted by egypt



On February 1st, Eduardo Prado of Secumania notified us of a privilege escalation vulnerability on multi-user Windows installations of the Metasploit Framework.  The problem was due to inherited permissions that allowed an unprivileged user to write files in the Metasploit installation directory.  Today we are releasing version 3.5.2 to fix this vulnerability.  The new installers fix this issue through two changes: first, we've moved the default installation to %ProgramFiles%, which does not normally allow non-admin write access; second, we explicitly remove any inherited permissions for the "Users" and "Authenticated Users" groups.  For users who prefer not to re-install Metasploit, you can use the following commands to fix the problem:

Vista and newer:

icacls c:\framework /inheritance:d /t
icacls c:\framework /remove *S-1-5-32-545 /t
icacls c:\framework /remove *S-1-5-11 /t

For systems older than Vista, you will need the xcacls.vbs tool, available from Microsoft:

xcacls.vbs c:\framework /E /R SID#S-1-5-32-545 /T

Note that the "Authenticated Users" group doesn't exist before Vista, so you only need to remove "Users".
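
To confirm that the fix took effect, the following PowerShell audit walks the installation directory and lists any remaining allow entries for the two SIDs named in the icacls commands that still grant write-type access. It is an added example, not part of the original announcement or of the Metasploit project. The default path c:\framework comes from the commands above; the function name Get-WritableAce and the set of rights counted as write-capable are assumptions of this example.

```powershell
# Added example: list allow ACEs that still give "Users" or "Authenticated Users"
# write-type access under the Metasploit installation directory.
param([string]$Path = 'c:\framework')   # path from the icacls commands above

# Well-known SIDs from those commands (SIDs are independent of OS language).
$TargetSids = 'S-1-5-32-545', 'S-1-5-11'

# Rights treated here as "can plant or replace files" (an assumption of this example).
$Named = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Generic bits have no name in the enum but do appear in inherit-only ACEs.
$GenericWrite = 0x40000000
$GenericAll   = 0x10000000
$WriteMask    = [int]$Named -bor $GenericWrite -bor $GenericAll

function Get-WritableAce {
    param([string]$Root)
    # The root itself plus everything below it, including hidden items.
    $items = @(Get-Item -LiteralPath $Root -Force) +
             @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        try { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }
        # Request explicit and inherited rules with identities returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($TargetSids -notcontains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = @(Get-WritableAce -Root $Path)
$findings | Format-Table -AutoSize -Wrap
if ($findings.Count -gt 0) {
    Write-Host "$($findings.Count) write-capable ACE(s) remain under $Path"
    exit 1
}
Write-Host "No write-capable ACEs for Users or Authenticated Users under $Path"
```

Run it from an elevated prompt so every ACL in the tree can be read; an exit code of 1 means at least one entry still needs to be removed.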

This issue is mitigated by the fact that it only affects multi-user Windows installations with low-privileged accounts, a scenario we believe to be a small percentage of our users.

In addition to fixing this vulnerability, the 3.5.2 release fixes over 50 bugs and contains 39 new modules.  Also included in this release is a revamped WMAP courtesy of Efrain Torres, improvements to Meterpreter's railgun extension thanks to chao-mu, and a fledgling version of Post Exploitation modules (a more powerful replacement for Meterpreter scripts). Raphael Mudge's Armitage was also integrated in this release. Post modules are still in their infancy and will likely be much improved in the next release.

rapid7@sgaur.hosted.jivesoftware.com 09 Feb, 2011
