Eschew updating imagemagick_delegate
The hype is over, and the target was provided as a bonus. Now update the module language to reflect that.
GSoC/Meterpreter_Web_Console
parent 1491f13bd5
commit 692ddc8b8b
|
@ -20,6 +20,13 @@ class MetasploitModule < Msf::Exploit
|
||||||
This module exploits a -dSAFER bypass in Ghostscript to execute
|
This module exploits a -dSAFER bypass in Ghostscript to execute
|
||||||
arbitrary commands by handling a failed restore (grestore) in
|
arbitrary commands by handling a failed restore (grestore) in
|
||||||
PostScript to disable LockSafetyParams and avoid invalidaccess.
|
PostScript to disable LockSafetyParams and avoid invalidaccess.
|
||||||
|
|
||||||
|
This vulnerability is reachable via libraries such as ImageMagick,
|
||||||
|
and this module provides the latest vector for Ghostscript.
|
||||||
|
|
||||||
|
For previous Ghostscript vectors, please see the following modules:
|
||||||
|
exploit/unix/fileformat/ghostscript_type_confusion
|
||||||
|
exploit/unix/fileformat/imagemagick_delegate
|
||||||
},
|
},
|
||||||
'Author' => [
|
'Author' => [
|
||||||
'Tavis Ormandy', # Vuln discovery and exploit
|
'Tavis Ormandy', # Vuln discovery and exploit
|
||||||
|
|
|
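Review bot: "this module provides the latest vector for Ghostscript" in the added description text stops being true as soon as another -dSAFER bypass gets its own module, which recreates the maintenance burden this commit is removing from imagemagick_delegate. The first paragraph already names the vector (the failed restore that disables LockSafetyParams), so the sentence can drop "latest" and simply say the bug is reachable via libraries such as ImageMagick. The two cross-references are bare module paths inside the description string, so nothing will flag them if either module is renamed or moved; they need a manual check whenever those modules change.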
@ -14,8 +14,11 @@ class MetasploitModule < Msf::Exploit
|
||||||
'Description' => %q{
|
'Description' => %q{
|
||||||
This module exploits a type confusion vulnerability in Ghostscript that can
|
This module exploits a type confusion vulnerability in Ghostscript that can
|
||||||
be exploited to obtain arbitrary command execution. This vulnerability affects
|
be exploited to obtain arbitrary command execution. This vulnerability affects
|
||||||
Ghostscript version 9.21 and earlier and can be exploited through libraries
|
Ghostscript versions 9.21 and earlier and can be exploited through libraries
|
||||||
such as ImageMagick and Pillow.
|
such as ImageMagick and Pillow.
|
||||||
|
|
||||||
|
For more recent Ghostscript vectors, please see the following modules:
|
||||||
|
exploit/multi/fileformat/ghostscript_failed_restore
|
||||||
},
|
},
|
||||||
'Author' => [
|
'Author' => [
|
||||||
'Atlassian Security Team', # Vulnerability discovery
|
'Atlassian Security Team', # Vulnerability discovery
|
||||||
|
|
|
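Review bot: The added pointer lists only exploit/multi/fileformat/ghostscript_failed_restore, although the sentence just above it says this bug is exploitable through ImageMagick and the first hunk of this commit lists exploit/unix/fileformat/imagemagick_delegate alongside this module. Either add imagemagick_delegate here or change the lead-in to "related Ghostscript vectors", so the three descriptions cross-reference each other consistently. "For more recent" is also relative wording that will age; naming the relationship ("other", "related") avoids that.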
@ -22,7 +22,12 @@ class MetasploitModule < Msf::Exploit
|
||||||
|
|
||||||
The PostScript (PS) target leverages a Ghostscript -dSAFER bypass
|
The PostScript (PS) target leverages a Ghostscript -dSAFER bypass
|
||||||
(discovered by taviso) to achieve RCE in the Ghostscript delegate.
|
(discovered by taviso) to achieve RCE in the Ghostscript delegate.
|
||||||
Ghostscript versions 9.18 and later are affected.
|
Ghostscript versions 9.18 and later are affected. This target is
|
||||||
|
provided as is and will not be updated to track additional vulns.
|
||||||
|
|
||||||
|
For more recent Ghostscript vectors, please see the following modules:
|
||||||
|
exploit/multi/fileformat/ghostscript_failed_restore
|
||||||
|
exploit/unix/fileformat/ghostscript_type_confusion
|
||||||
|
|
||||||
If USE_POPEN is set to true, a |-prefixed command will be used for the
|
If USE_POPEN is set to true, a |-prefixed command will be used for the
|
||||||
exploit. No delegates are involved in this exploitation.
|
exploit. No delegates are involved in this exploitation.
|
||||||
|
|
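Review bot: The added list puts exploit/unix/fileformat/ghostscript_type_confusion under "more recent Ghostscript vectors", but the first hunk of this commit files that same module under "previous" vectors and its own description covers Ghostscript 9.21 and earlier, while this target is stated as 9.18 and later. The ordering the three descriptions imply is inconsistent; "For other Ghostscript vectors" would be accurate here without claiming an order. In "will not be updated to track additional vulns", "vulns" reads as shorthand in user-facing description text; "vulnerabilities" would match the surrounding wording.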