Vulnerabilities > CVE-2005-2482 - Unspecified vulnerability in Metasploit Framework

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

metasploit

NVD

Published: 2005-08-07

Updated: 2024-11-20

Summary

The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command.

Vulnerable Configurations

Part	Description	Count
Application	Metasploit Metasploit Metasploit Framework 2.4 Metasploit Metasploit Framework 2.1 Metasploit Metasploit Framework 2.3 Metasploit Metasploit Framework 2.0 Metasploit Metasploit Framework 2.2	5

References

http://metasploit.com/archive/framework/msg00469.html
http://metasploit.com/archive/framework/msg00469.html
http://secunia.com/advisories/16318
http://secunia.com/advisories/16318
http://www.osvdb.org/18495
http://www.osvdb.org/18495
http://www.securityfocus.com/bid/14455
http://www.securityfocus.com/bid/14455
https://exchange.xforce.ibmcloud.com/vulnerabilities/21705
https://exchange.xforce.ibmcloud.com/vulnerabilities/21705