Land rapid7#5271, Symantec Workspace Streaming updates

wvu · wvu · commit 1eeb9af2d045 · 2015-04-29T14:16:23.000-05:00
diff --git a/modules/exploits/windows/antivirus/symantec_workspace_streaming_exec.rb b/modules/exploits/windows/antivirus/symantec_workspace_streaming_exec.rb
@@ -15,15 +15,16 @@ class Metasploit3 < Msf::Exploit::Remote
 
   def initialize(info = {})
     super(update_info(info,
-      'Name'        => 'Symantec Workspace Streaming Arbitrary File Upload',
+      'Name'        => 'Symantec Workspace Streaming ManagementAgentServer.putFile XMLRPC Request Arbitrary File Upload',
       'Description' => %q{
         This module exploits a code execution flaw in Symantec Workspace Streaming. The
         vulnerability exists in the ManagementAgentServer.putFile XMLRPC call exposed by the
         as_agent.exe service, which allows for uploading arbitrary files under the server root.
         This module abuses the auto deploy feature in the JBoss as_ste.exe instance in order
         to achieve remote code execution. This module has been tested successfully on Symantec
-        Workspace Streaming 6.1 SP8 and Windows 2003 SP2. Abused services listen on a single
-        machine deployment, and also in the backend role in a multiple machine deployment.
+        Workspace Streaming 6.1 SP8 and Windows 2003 SP2, and reported to affect 7.5.0.x. 
+        Abused services listen on a single-machine deployment and also in the backend role in
+        a multiple-machine deployment.
       },
       'Author'       =>
         [
@@ -35,6 +36,7 @@ def initialize(info = {})
         [
           ['CVE', '2014-1649'],
           ['BID', '67189'],
+          ['OSVDB', '106923'],
           ['ZDI', '14-127'],
           ['URL', 'http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140512_00']
         ],
@@ -51,7 +53,7 @@ def initialize(info = {})
     register_options(
       [
         Opt::RPORT(9855), # as_agent.exe (afuse XMLRPC to upload arbitrary file)
-        OptPort.new('STE_PORT', [true, "The remote as_ste.exe AS server port", 9832]), # as_ste.exe (abuse jboss auto deploy)
+        OptPort.new('STE_PORT', [true, "The remote as_ste.exe AS server port", 9832]), # as_ste.exe (abuse JBoss auto deploy)
       ], self.class)
   end
 
@@ -227,11 +229,11 @@ def check
   end
 
   def exploit
-    print_status("#{peer} - Leaking the jboss deployment directory...")
+    print_status("#{peer} - Leaking the JBoss deployment directory...")
     jboss_path =jboss_deploy_path
 
     if jboss_path.nil?
-      fail_with(Failure::Unknown, "#{peer} - Failed to disclose the jboss deployment directory")
+      fail_with(Failure::Unknown, "#{peer} - Failed to disclose the JBoss deployment directory")
     end
 
     print_status("#{peer} - Building WAR payload...")
