mailing list archives
msfweb "refang" security update
From: onatan at gmail.com (Jonatan B)
Date: Mon, 25 Jul 2005 17:23:54 +0200
On 7/24/05, H D Moore <hdm at metasploit.com> wrote:
Dino Dai Zovi reported a security flaw in msfweb that would allow a remote
user to bypass the "defanged" mode flag. This flaw affects any users who
run a publicly exposed instance of msfweb with the -D option.
The fix has been pushed to msfupdate, the 2.4 snapshot, and will be
included in version 2.5 (released within the next month hopefully).
Can you please release it as an intermediate version (2.4.1) ?
It's easier to keep track and know if one is vulnerable that way.