nDepth Employee Contributions to Open Source Security Software, February 2024 Edition



METASPLOIT PROJECT

The Metasploit Project, owned by Rapid7, is the world's most widely used penetration testing framework. This Free and Open Source Software (FOSS) is used by nearly all penetration testers and is a staple of training courses from SANS, EC-Council, and many others.

The Metasploit Project, being Open Source Software, flourishes from the contributions of the community. nDepth's own Mike Cyr (h00die) is a frequent contributor to the project and continues to spend personal time conducting security research and providing enhancements to Metasploit for the benefit of the security community. This month, h00die contributed the following enhancements:

APACHE OFBIZ EXPLOIT UPDATES

Apache OFBiz is an open source enterprise resource planning system. It provides a suite of enterprise applications that integrate and automate many of an organization's business processes. A vulnerability discovered in 2020 allowed unauthenticated users to gain access to the system, and a Metasploit module was created to exploit this flaw. In 2023, new vulnerabilities were found that used a very similar exploit path but with some slight nuances. h00die updated the existing module to exploit CVE-2023-49070 and CVE-2023-51467, which expanded the module's coverage from versions before 17.12.01 to versions before 18.12.09.

RUNC (DOCKER) LINUX PRIVILEGE ESCALATION

Docker is a set of platform-as-a-service products that use OS-level virtualization to deliver software in packages called containers. Docker is used industry-wide for quickly and securely deploying software in a controlled environment. A vulnerability was identified in a sub-component of Docker called runc, which is also used in other container products. The flaw in runc could be used to gain root privileges on a Linux system by launching a Docker image that mounts the host's file system with root privileges. The new Metasploit module allows security practitioners to test their Docker deployments for this flaw and properly secure them from attack.

While working on the exploit, h00die found that the vulnerability discoverer's documentation was missing a character in a path critical to exploitation. Two updates were submitted to Snyk's repositories to correct the documentation.

To view this month’s contributions, check the following links: