A new OpenBSD local exploit
Community contributor bcoles brings us a new exploit module for CVE-2019-19726, a vulnerability originally discovered by Qualys in OpenBSD. This vulnerability is pretty interesting in the sense that it leverages a bug in the
_dl_getenv function that can be triggered to load
libutil.so from an attacker controlled location.
A meta-metasploit DoS
Metasploit itself received some attention in the form of an auxiliary module that can be used to trigger a denial of service condition. This particular vulnerability affects the http(s) handler service. Leveraging this vulnerability can lead to established sessions becoming unresponsive. The module provides three types of DoS conditions via the
DOSTYPE option, check out the extended module information with
info -d to read about each one. Finally, be sure to upgrade to version 5.0.28 or later to patch this issue.
With no shortage of Wordpress related-modules (there are 61 currently using our texploit mixin) it's important to have effective version detection. This past week saw improvements made to this by our own Christophe De La Fuente who added more descriptive log messages for a couple of check codes. This will help users understand why a Metasploit module's check routine arrived at a decision that it did which can also help when troubleshooting certain settings.
The Linux BPF doubleput UAF Privilege Escalation module now includes a helpful reminder for operators that the first few lines of the
/etc/crontab file were overwritten and need to be manually removed. This is a byproduct of the exploit process and definitely something that folks will want to cleanup when using this module.
New modules (2)
- OpenBSD Dynamic Loader chpass Privilege Escalation by
bcoles and Qualys
- Metasploit HTTP(S) handler DoS by Jose Garduno and Angelo Seiler
Enhancements and features
- PR #12640 from Christophe De La Fluente improves Wordpress check logic.
- PR #12760 from bcoles adds a notice to cleanup the crontab file when exploiting CVE-2019-05-04.
As always, you can update to the latest Metasploit Framework with
msfupdate and you can get more details on the changes since the last blog post from GitHub:
We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers(which also include the commercial editions).