Android Binder Use-After-Free
@timwr added a module that exploits CVE-2019-2215, a local privilege escalation vulnerability in Binder, the main inter-process communication system in Android. If delivered via the web, only a paired renderer exploit is required, because the vulnerability is accessible through the sandbox. Three malicious apps disguised as photography and file manager tools that exploit this vulnerability were found on the Google Play Store. A number of Android devices are affected, including the Pixel 2 with Android 9 and 10. Currently this module works on the Pixel 2 (and Pixel 2 XL) with the September 2019 security patch level.
OpenNetAdmin 18.1.1 Remote Code Execution
Contributor Onur ER added a Metasploit module exploiting a remote code execution vulnerability in OpenNetAdmin 18.1.1. OpenNetAdmin is a tool for managing IP inventory. Each subnet, host, and IP can be tracked via an AJAX-enabled web interface. OpenNetAdmin also provides a full CLI for convenience when scripting and performing bulk work. The exploit performs command injection by taking advantage of a lack of input validation. Authentication is not required.
Overheard in the Metasploit office this week
Might as well, since you're there...
"Person A: I really appreciate your ‘when in Rome’ coding style changes. Person B: haha I try to blend in as much as I can"
When "self-commenting" code doesn't cut it...
"At least when you see some disclaimer comments you know that the person who wrote it knew that it was bad. When you don't see any comments at all, it’s natural to think that they legitimately thought it was a good idea."
So many blogs, so little time...
"My inability to understand Ruby dependencies has once again caused me to fall in a rabbit hole, and I'm tired of wasting time reading 12 blogs that tell me 12 ways to do this because each one is subtly smarter."
New modules (2)
Enhancements and features
As always, you can update to the latest Metasploit Framework with msfupdate and you can get more details on the changes since the last blog post from GitHub:
If you are a git user, you can clone the Metasploit Framework repo (master branch) for the latest. To install fresh without using git, you can use the open-source-only Nightly Installers or the binary installers (which also include the commercial edition).