Eschew updating imagemagick_delegate

The hype is over, and the target was provided as a bonus. Now update the module language to reflect that.
2018-09-05 16:55:46 -05:00 · 2018-09-05 16:55:46 -05:00 · 692ddc8b8b
parent 1491f13bd5
commit 692ddc8b8b
3 changed files with 17 additions and 2 deletions
--- a/modules/exploits/multi/fileformat/ghostscript_failed_restore.rb
+++ b/modules/exploits/multi/fileformat/ghostscript_failed_restore.rb
@ -20,6 +20,13 @@ class MetasploitModule < Msf::Exploit
        This module exploits a -dSAFER bypass in Ghostscript to execute
        arbitrary commands by handling a failed restore (grestore) in
        PostScript to disable LockSafetyParams and avoid invalidaccess.
+
+        This vulnerability is reachable via libraries such as ImageMagick,
+        and this module provides the latest vector for Ghostscript.
+
+        For previous Ghostscript vectors, please see the following modules:
+          exploit/unix/fileformat/ghostscript_type_confusion
+          exploit/unix/fileformat/imagemagick_delegate
      },
      'Author'         => [
        'Tavis Ormandy', # Vuln discovery and exploit
--- a/modules/exploits/unix/fileformat/ghostscript_type_confusion.rb
+++ b/modules/exploits/unix/fileformat/ghostscript_type_confusion.rb
@ -14,8 +14,11 @@ class MetasploitModule < Msf::Exploit
      'Description'    => %q{
        This module exploits a type confusion vulnerability in Ghostscript that can
        be exploited to obtain arbitrary command execution. This vulnerability affects
-        Ghostscript version 9.21 and earlier and can be exploited through libraries
+        Ghostscript versions 9.21 and earlier and can be exploited through libraries
        such as ImageMagick and Pillow.
+
+        For more recent Ghostscript vectors, please see the following modules:
+          exploit/multi/fileformat/ghostscript_failed_restore
      },
      'Author'         => [
        'Atlassian Security Team', # Vulnerability discovery
--- a/modules/exploits/unix/fileformat/imagemagick_delegate.rb
+++ b/modules/exploits/unix/fileformat/imagemagick_delegate.rb
@ -22,7 +22,12 @@ class MetasploitModule < Msf::Exploit

        The PostScript (PS) target leverages a Ghostscript -dSAFER bypass
        (discovered by taviso) to achieve RCE in the Ghostscript delegate.
-        Ghostscript versions 9.18 and later are affected.
+        Ghostscript versions 9.18 and later are affected. This target is
+        provided as is and will not be updated to track additional vulns.
+
+        For more recent Ghostscript vectors, please see the following modules:
+          exploit/multi/fileformat/ghostscript_failed_restore
+          exploit/unix/fileformat/ghostscript_type_confusion

        If USE_POPEN is set to true, a |-prefixed command will be used for the
        exploit. No delegates are involved in this exploitation.