Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2482

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-2482
Last Modified 05 Sep 2008 04:51:52
Published 07 Aug 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-2482

Summary

The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command.

Vulnerable Systems

Application

  • Metasploit Framework 2.0

  • Metasploit Framework 2.1

  • Metasploit Framework 2.2

  • Metasploit Framework 2.3

  • Metasploit Framework 2.4


References

SECUNIA - 16318

CONFIRM - http://metasploit.com/archive/framework/msg00469.html

XF - metasploit-defanged-bypass-security(21705)

BID - 14455

OSVDB - 18495


Last Updated: 27 May 2016 10:40:32