Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Parameterise args to popen3() #14288

Conversation

justinsteven
Copy link
Contributor

@justinsteven justinsteven commented Oct 19, 2020

Verification

List the steps needed to make sure this thing works

  • Do msfvenom -p android/meterpreter/reverse_tcp -x <path_to_apkfile> and ensure it works (or is at least no more wonky than APK file templating currently is)
  • Review the diff for typos or improper parameterisation - ensure it's functionally equivalent to the old code

@smcintyre-r7
Copy link
Contributor

Alright, I've been able to reproduce the original issue and confirm that this fixes it. Thank you very much @justinsteven !

I'll have this merged in momentarily.

@smcintyre-r7 smcintyre-r7 merged commit 9d1642c into rapid7:master Oct 20, 2020
3 checks passed
@pbarry-r7 pbarry-r7 added the rn-fix release notes fix label Oct 28, 2020
@pbarry-r7
Copy link
Contributor

pbarry-r7 commented Oct 28, 2020

Release Notes

Fixed CVE-2020-7384, a client-side command injection issue with msfvenom's handling of a malicious APK template, which was discovered, reported, and fixed by Justin Steven.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug library rn-fix release notes fix
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants