Back to school blues

Summer is winding down and while our for contributions haven't dropped off (thanks y'all!), we've been tied up with events and a heap of research. Don't despair, though: our own Brent Cook, Pearce Barry, Jeffrey Martin, and Matthew Kienow will be at DerbyCon 9 running the Metasploit Town Hall at noon Friday. They'll be delivering a community update and answering questions, so be sure to attend and say hello if you're there!

${run{cat CVE-2019-10149.txt}}@metasploit.com

A curious bug where text expansions could be evaluated inside the email addresses going through the Exim SMTP server was fixed this spring, but the security considerations with the ${run{}} expansion weren't published until earlier this summer. Our module exploits the local case which is the simplest with the default configuration, but non-default configuration options and convoluted request patterns can allow this vulnerability to be exploited over remote connections as well. Submitted by yaumn it was quite a team effort to get tested and landed. Be sure to keep your Exim patched!

It's 11 o'clock. Do you know what your servers are doing?

While we like popping shells, it is always sad to learn of people using vulns to create more vulns. Take a moment to look over the post on the Webmin website and if you are responsible for a build system consider taking a step to harden it this coming week. Thanks to our own wvu and jrobles-r7 who teamed up to get a module for this out the door quickly.

New modules (2)

Enhancements and features

  • Rex::Text PR #23 changes our Python-formatted binary payload outputs to use b"..." literals when necessary for Python 3 compatibility, thanks to deltaclock

Get it

As always, you can update to the latest Metasploit Framework with msfupdate
and you can get more details on the changes since the last blog post from
GitHub:

We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions).