For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new hotness today when you check for updates through the Software Updates menu under Administration.
So, in case it's not absolutely clear, Metasploit ve a remote code exec path, but getting your assessment knocked out from under you can be more than a little unpleasant.
Update to Metasploit 4.8.1 before you start your next engagement, and you'll be golden.
Thanks to the revelations around the recent Ruby float conversion denial of service, aka CVE-2013-4164 discovered and reported by Charlie Somerville, this week's release is pretty slim in terms of content; on Friday (the day As far as we are able to tell, it's merely a denial of service, so the worst that happens is that your given Ruby application can crash out with a segfault.
Like most other Ruby bugs that lead to segfaults, we haven't been able to tease any code exec out, but it's not completely impossible.
Alas, we just have the one new exploit that managed to get landed before the Ruby code review and update freak out.
I promise we'll have more next week, including the Metasploit module that exercises the aforementioned bug (it's landed on our development repo, but that won't be released until next week).
PS: ruby-lang.org, it's a little unneighborly to disclose on a Friday; I'm sure the world's Ruby administrators could have used an extra weekday or two.
We've also updated the Metasploit Framework repo to suggest ruby-1.9.3-p484, so take a moment to install that as well on your development environment if you're that sort. We're not the only ones who were exposed to this, of course. If you have control over your Ruby installations, you'll want to update if you haven't already. If you rely on a cloud provider or some other kind of provisioning service, you should get with them; to take just one example, Sebastian Saunier has a procedure to update all your Heroku apps, all nicely scripted out in this gist.
If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows. If you're already tracking the bleeding-edge of Metasploit development, then these modules are but an msfupdate command away.