On February 1st, Eduardo Prado of Secumania notified us of a privilege escalation vulnerability on multi-user Windows installations of the Metasploit Framework. The problem was due to inherited permissions that allowed an unprivileged user to write files in the Metasploit installation directory. Today we are releasing version 3.5.2 to fix this vulnerability. The new installers fix this issue through two changes: first, we've moved the default installation to %ProgramFiles%, which does not normally allow non-admin write access; second, we explicitly remove any inherited permissions for the "Users" and "Authenticated Users" groups. For users who prefer not to re-install Metasploit, you can use the following commands to fix the problem:
Vista and newer:
icacls c:\framework /inheritance:d /t
icacls c:\framework /remove *S-1-5-32-545 /t
icacls c:\framework /remove *S-1-5-11 /t
More info and Download: http://blog.metasploit.com
{ 0 komentar... Views All / Send Comment! }
Posting Komentar