Wednesday, February 9, 2011

Metasploit Framework v.3.5.2 Released

On February 1st, Eduardo Prado of Secumania notified us of a privilege escalation vulnerability on multi-user Windows installations of the Metasploit Framework. The problem was due to inherited permissions that allowed an unprivileged user to write files in the Metasploit installation directory. Today we are releasing version 3.5.2 to fix this vulnerability. The new installers fix this issue through two changes: first, we've moved the default installation to %ProgramFiles%, which does not normally allow non-admin write access; second, we explicitly remove any inherited permissions for the "Users" and "Authenticated Users" groups. For users who prefer not to re-install Metasploit, you can use the following commands to fix the problem:

Vista and newer:

icacls c:\framework /inheritance:d /t
icacls c:\framework /remove *S-1-5-32-545 /t
icacls c:\framework /remove *S-1-5-11 /t

More info and Download:

1 comment:

jagini kotesh said...

Metasploit network security software,Thanks for sharing such an informative article.

Download Metasploit network security software