Home page logo

metasploit logo Metasploit mailing list archives

msfweb "refang" security update
From: onatan at gmail.com (Jonatan B)
Date: Mon, 25 Jul 2005 17:23:54 +0200

On 7/24/05, H D Moore <hdm at metasploit.com> wrote:

Dino Dai Zovi reported a security flaw in msfweb that would allow a remote
user to bypass the "defanged" mode flag. This flaw affects any users who
run a publicly exposed instance of msfweb with the -D option.
The fix has been pushed to msfupdate, the 2.4 snapshot, and will be
included in version 2.5 (released within the next month hopefully). 

Can you please release it as an intermediate version (2.4.1) ?
It's easier to keep track and know if one is vulnerable that way.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]