A new OpenBSD local exploit

Community contributor bcoles brings us a new exploit module for CVE-2019-19726, a vulnerability originally discovered by Qualys in OpenBSD. This vulnerability is pretty interesting in the sense that it leverages a bug in the _dl_getenv function that can be triggered to load libutil.so from an attacker-controlled location.

A meta-metasploit DoS

Metasploit itself received some attention in the form of an auxiliary module that can be used to trigger a denial of service condition. This particular vulnerability affects the http(s) handler service, and leveraging it can lead to established sessions becoming unresponsive. The module provides three types of DoS conditions via the DOSTYPE option; check out the extended module information with info -d to read about each one. Finally, be sure to upgrade to version 5.0.28 or later to patch this issue.

Module improvements

With no shortage of WordPress-related modules (there are 61 currently using our WordPress mixin), it's important to have effective version detection. This past week saw improvements made to this by our own Christophe De La Fuente, who added more descriptive log messages for a couple of check codes. This helps users understand why a Metasploit module's check routine arrived at the decision it did, which can also help when troubleshooting certain settings.

The Linux BPF doubleput UAF Privilege Escalation module now includes a helpful reminder for operators that the first few lines of the /etc/crontab file were overwritten and need to be manually removed. This is a byproduct of the exploit process and definitely something that folks will want to clean up when using this module.

New modules (2)

Enhancements and features

Get it

As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:

We recently announced the release of Metasploit 5. You can get it by cloning the Metasploit Framework repo (master branch). To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial editions).