Containers that fail to Contain

Our own Christophe De La Fuente added a module for CVE-2019-5736 based on the work of Adam Iwaniuk that breaks out of a Docker container by overwriting the runc binary of an image which is run in the user context whenever someone outside the container runs docker exec to make a request of the container.

Execute an Image Please, Wordpress

Community contributor Alexandre Zanni sent us a PR that uses native PHP functions to upload a file as an image attachment to Wordpress installations running the wpDiscuz plugin, then executes it by requesting the path of the uploaded file.

New module content (2)

Enhancements and features

  • #15363 from HynekPetrak - Enhances the auxiliary/scanner/ipmi/ipmi_dumphashes module to have SESSION_RETRY_DELAY and SESSION_MAX_ATTEMPTS options

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest.
To install fresh without using git, you can use the open-source-only Nightly Installers or the
binary installers (which also include the commercial edition).