Metasploit mailing list archives
Version 2.3 Updates - February 2, 2005
From: hdm at metasploit.com (H D Moore)
Date: Wed, 2 Feb 2005 05:12:52 -0600
Hello everyone, The samba trans2open exploit for the Solaris/SPARC platform has been added to the framework (via msfupdate or snapshot). A big thanks goes to MC and valsmith for working out some bugs :-) The cmd_sol_bind and cmd_irix_bind payloads have been updated to clean up the temp services file and use pid-based file names. This should resolve any problems with multi-exploiting the same system. The OSVDB project has added entries for almost all of the metasploit framework exploits. The following modules were updated with the new OSVDB reference IDs: backupexec_ns.pm iis_w3who_overflow.pm imail_imap_delete.pm irix_lpsched_exec.pm mercantec_softcart.pm mssql2000_preauthentication.pm openview_omniback.pm solaris_dtspcd_noir.pm solaris_lpd_exec.pm solaris_ttyprompt.pm squid_ntlm_authenticate.pm webstar_ftp_user.pm The WINS module now detects systems that have the same SP3/SP4 address as the one posted by grutz. There have been a couple reports of the exploit failing against SP4++ however I have not been able to reproduce this. The WINS "worm" actually uses the same exploit vector as this module, so I have no idea how they expected it work against 2003 systems. The Credits module had a few minor updates, if you contributed a module to the project (or donated via the web site and want to be listed), please drop us a message if you don't see your name. -HD
Current thread:
- Version 2.3 Updates - February 2, 2005 H D Moore (Feb 02)