Eschew updating imagemagick_delegate

The hype is over, and the target was provided as a bonus. Now update the
module language to reflect that.
GSoC/Meterpreter_Web_Console
William Vu 2018-09-05 16:55:46 -05:00
parent 1491f13bd5
commit 692ddc8b8b
3 changed files with 17 additions and 2 deletions

@ -20,6 +20,13 @@ class MetasploitModule < Msf::Exploit
This module exploits a -dSAFER bypass in Ghostscript to execute This module exploits a -dSAFER bypass in Ghostscript to execute
arbitrary commands by handling a failed restore (grestore) in arbitrary commands by handling a failed restore (grestore) in
PostScript to disable LockSafetyParams and avoid invalidaccess. PostScript to disable LockSafetyParams and avoid invalidaccess.
This vulnerability is reachable via libraries such as ImageMagick,
and this module provides the latest vector for Ghostscript.
For previous Ghostscript vectors, please see the following modules:
exploit/unix/fileformat/ghostscript_type_confusion
exploit/unix/fileformat/imagemagick_delegate
}, },
'Author' => [ 'Author' => [
'Tavis Ormandy', # Vuln discovery and exploit 'Tavis Ormandy', # Vuln discovery and exploit
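
Review bot: "latest vector" in the added sentence "this module provides the latest vector for Ghostscript" is relative to the commit date and goes stale as soon as another Ghostscript bypass module lands, which is the maintenance burden the commit message sets out to avoid. Suggest naming the bug instead, for example "this module covers the failed restore (grestore) vector", and keeping the two pointers to the older modules as they are.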

@ -14,8 +14,11 @@ class MetasploitModule < Msf::Exploit
'Description' => %q{ 'Description' => %q{
This module exploits a type confusion vulnerability in Ghostscript that can This module exploits a type confusion vulnerability in Ghostscript that can
be exploited to obtain arbitrary command execution. This vulnerability affects be exploited to obtain arbitrary command execution. This vulnerability affects
Ghostscript version 9.21 and earlier and can be exploited through libraries Ghostscript versions 9.21 and earlier and can be exploited through libraries
such as ImageMagick and Pillow. such as ImageMagick and Pillow.
For more recent Ghostscript vectors, please see the following modules:
exploit/multi/fileformat/ghostscript_failed_restore
}, },
'Author' => [ 'Author' => [
'Atlassian Security Team', # Vulnerability discovery 'Atlassian Security Team', # Vulnerability discovery
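
Review bot: the added pointer to exploit/multi/fileformat/ghostscript_failed_restore carries no version range, while the sentence just above it scopes this module to Ghostscript versions 9.21 and earlier, so a reader cannot tell from this description when to switch modules. Suggest putting the affected versions of the referenced module next to its path, or replacing "more recent" with wording that says which releases it applies to.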

@ -22,7 +22,12 @@ class MetasploitModule < Msf::Exploit
The PostScript (PS) target leverages a Ghostscript -dSAFER bypass The PostScript (PS) target leverages a Ghostscript -dSAFER bypass
(discovered by taviso) to achieve RCE in the Ghostscript delegate. (discovered by taviso) to achieve RCE in the Ghostscript delegate.
Ghostscript versions 9.18 and later are affected. Ghostscript versions 9.18 and later are affected. This target is
provided as is and will not be updated to track additional vulns.
For more recent Ghostscript vectors, please see the following modules:
exploit/multi/fileformat/ghostscript_failed_restore
exploit/unix/fileformat/ghostscript_type_confusion
If USE_POPEN is set to true, a |-prefixed command will be used for the If USE_POPEN is set to true, a |-prefixed command will be used for the
exploit. No delegates are involved in this exploitation. exploit. No delegates are involved in this exploitation.
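
Review bot: "provided as is and will not be updated" now follows "Ghostscript versions 9.18 and later are affected", which has no upper bound, so once the target is frozen that open-ended range will overstate what it covers. Suggest stating the last Ghostscript version the PS target is known to work against, and spelling out "vulns" as "vulnerabilities" to match the rest of the description.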