Describe vulns in more detail, add more URLs

jhart-r7 · jhart-r7 · commit ff440ed5a4d9 · 2014-12-22T20:20:48.000-08:00
diff --git a/modules/exploits/multi/http/git_cve_2014_9390.rb b/modules/exploits/multi/http/git_cve_2014_9390.rb
@@ -13,17 +13,27 @@ class Metasploit4 < Msf::Exploit::Remote
   def initialize(info = {})
     super(update_info(
       info,
-      'Name' => 'Malicious Git HTTP Server For CVE-2014-9390',
+      'Name' => 'Malicious Git and Mercurial HTTP Server For CVE-2014-9390',
       'Description' => %q(
-        This module exploits CVE-2014-9390, which affects Git versions less
-        than 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1 on operating systems which
-        have case-insensitive file systems like Windows and OS X.  Because the
-        file system is case-insensitive, sensitive files in the .git directory
-        can be overwritten by other files which live in a server-side .git
-        directory which only differs in case (for example, .giT).  This results
-        in all manner of potential consequences, including remote code
-        execution.
-      ),
+        This module exploits CVE-2014-9390, which affects Git (versions less
+        than 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1) and Mercurial (versions
+        less than 3.2.3) and describes three vulnerabilities.
+
+        On operating systems which have case-insensitive file systems, like
+        Windows and OS X, Git clients can be convinced to retrieve and
+        overwrite sensitive configuration files in the .git
+        directory which can allow arbitrary code execution if a vulnerable
+        client can be convinced to perform certain actions (for example,
+        a checkout) against a malicious Git repository.
+
+        A second vulnerability with similar characteristics also exists in both
+        Git and Mercurial clients, on HFS+ file systems (Mac OS X) only, where
+        certain Unicode codepoints are ignorable.
+
+        The third vulnerability with similar characteristics only affects
+        Mercurial clients on Windows, where Windows "short names"
+        (MS-DOS-compatible 8.3 format) are supported.
+    ),
       'License' => MSF_LICENSE,
       'Author' => [
         'Jon Hart <jon_hart[at]rapid7.com>' # metasploit module
@@ -32,7 +42,11 @@ def initialize(info = {})
         [
           ['CVE', '2014-9390'],
           ['URL', 'http://git-blame.blogspot.com.es/2014/12/git-1856-195-205-214-and-221-and.html'],
-          ['URL', 'https://www.mehmetince.net/one-git-command-may-cause-you-hacked-cve-2014-9390-exploitation-for-shell/']
+          ['URL', 'https://www.mehmetince.net/one-git-command-may-cause-you-hacked-cve-2014-9390-exploitation-for-shell/'],
+          ['URL', 'http://mercurial.selenic.com/wiki/WhatsNew#Mercurial_3.2.3_.282014-12-18.29'],
+          ['URL', 'http://selenic.com/repo/hg-stable/rev/c02a05cc6f5e'],
+          ['URL', 'http://selenic.com/repo/hg-stable/rev/6dad422ecc5a']
+
         ],
       'DisclosureDate' => 'Dec 18 2014',
       # TODO: correct all of this
