PT-2011-2842 · Rapid7 · Metasploit Framework

Published

2011-02-21

Updated

2011-06-20

CVE-2011-1056

CVSS v2.0

6.2

Medium

Vector

AV:L/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Metasploit Framework version 3.5.1

Description The issue concerns the installer for the Metasploit Framework, which, when running on Windows, uses weak inherited permissions for the Metasploit installation directory. This weakness allows local users to gain privileges by replacing critical files with a Trojan horse.

Recommendations For Metasploit Framework version 3.5.1, consider restricting access to the Metasploit installation directory to prevent local users from replacing critical files until a fix is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2011-1056

Affected Products

Metasploit Framework

PT-2011-2842 · Rapid7 · Metasploit Framework

CVE-2011-1056

Weakness Enumeration

Related Identifiers

Affected Products

References · 6