CVE-2005-2482

Name of the Vulnerable Software and Affected Versions Metasploit Framework versions 2.4 and earlier

Description The issue concerns the StateToOptions function in msfweb, which is part of the Metasploit Framework. When running in defanged mode (with the -D option), this function allows attackers to modify temporary environment variables before the " Defanged" environment option is checked. This occurs during the processing of the Exploit command.

Recommendations For Metasploit Framework versions 2.4 and earlier, consider disabling the StateToOptions function or defanged mode until a fix is available to prevent potential exploitation. Restrict access to the Exploit command to minimize the risk of modification of temporary environment variables.