Summary
This host has Metasploit Framework installed and is prone to a local privilege escalation vulnerability.
Impact
Successful exploitation lets local users execute arbitrary code with LocalSystem privileges when the 'frameworkPostgreSQL' service is restarted.
Impact Level: Application.
Solution
Upgrade to Metasploit Framework 3.5.2 or later.
For updates, refer to http://www.metasploit.com/framework/download/
Insight
The flaw is due to the application being installed with insecure filesystem permissions on the system's root drive. This can be exploited to create arbitrary files in certain directories.
Affected
Metasploit Framework version 3.5.1 and prior on Windows.
References
Severity
Classification
CVE: CVE-2011-1056, CVE-2011-1057
CVSS Base Score: 6.2
AV:L/AC:H/Au:N/C:C/I:C/A:C