Metasploit mailing list archives
Version 2.3 Updates
From: hdm at metasploit.com (H D Moore)
Date: Sun, 16 Jan 2005 15:27:57 -0600
Hello everyone, If you are still using version 2.2, you may have noticed that msfupdate now tells you to upgrade to 2.3. There were enough changes in 2.3 that it would have required nearly *800* downloads to upgrade via the online update system. If you are running FreeBSD, you should be able to upgrade to 2.3 via the ports system. Big thanks to Jonatan B. for creating the port. - http://www.freshports.org/security/metasploit/ For those running already 2.3, you may want to run msfupdate or pull down the latest snapshot from the metasploit.com web site. Post-2.3 Updates ============== - We fixed a problem in msfweb that prevented it from reaping dead child processes; this bug was introduced at the last minute via a typo in the SIGCHLD handler. If you use msfweb on a regular basis, this update is a must. - Martin Bernhard posted to the pen-test mailing list about a problem with the iis_w3who_overflow exploit module. During the last round of release testing, I forgot to double-check the base address of the DLL on Windows 2000 to see if it different from Windows XP. This causes the exploit to fail when used against Windows 2000 targets. We have updated the module to include the correct return address for Windows 2000. - The apache_chunked_win32 exploit module was starting to show its age and has been completely rewritten. The old module was only able to exploit Windows 2000 and Windows NT systems running Apache.org build versions between 1.3.17 to 1.3.24 The new module should work on any version of Windows NT (4.0, 2000, XP, 2003) and successfully targets all Apache.org builds from 1.3.9 to 1.3.24. Additionally, this module now includes a target for the version of Apache bundled with the Oracle 8i database (8.1.7). An alternate exploitation technique (return to heap) was implemented by Matt Murphy and can be found online at the URL below. - http://lists.virus.org/dw-0day-0309/msg00008.html -HD
Current thread:
- Version 2.3 Updates H D Moore (Jan 16)
- Version 2.3 Updates "Joćo Teles" (Jan 16)