View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0007804||Kali Linux||[All Projects] Kali Package Bug||public||2022-07-18 09:43||2022-08-09 09:21|
|Target Version||Fixed in Version||2022.3|
|Summary||0007804: msfsconsole, msfvenom crashing on newst kali|
|Description||Hi, like titlte|
error is: ruby 3.0; pkeys are immuatable on OpenSSL 3.0 OopenSSL::PKey::PKeyError
immediate patch is needed! Do not upgrade until fixed, please!
|Steps To Reproduce||sudo apt-get full-upgrade -y|
msfconsole (start msf)
|Additional Information||see Screenshot|
Screenshot_20220718_114040.png (82,688 bytes)
Screenshot_20220718_114040.png (82,688 bytes)
initial report by: aBcDefgHIjKlMnOp (alphabetman) on offsec discord
issue id 16782 on github (probably ref link to another issue)
Kindly find the fix I've provided here: https://github.com/rapid7/metasploit-framework/issues/16782#issuecomment-1188326052
The Metasploit team has patch applied to mitigate the crash on Metasploit 6.2.8 - https://github.com/rapid7/metasploit-framework/pull/16771. I don't believe this version is available on Kali yet, which only seems to offer 6.2.6 currently
The fix can be applied locally for Kali - https://github.com/rapid7/metasploit-framework/issues/16767#issuecomment-1185395510
||I haven't verified yet, but based on what I'm seeing in terms of the API changes with the OpenSSL 3.0 upgrade there may be other impacted tools in Kali's ecosystem - in particular Ruby tools|
I have uploaded the version 6.2.7-0kali1 yesterday. It was only a renaming of the ssh module.
I just uploaded a new version 6.2.7-0kali2. I removed the renaming and I included the fix of the gem hrr_rb_ssh. It should be available in few hours on all the mirrors.
Thanks for the update sbrun :+1:
After more digging on Metasploit's side - it looks like Metasploit's SMB modules, and a handful of other modules that rely on RubyNTLM crypto, or legacy crypto in general such as des/rc4/etc, will be broken by the OpenSSL 3.0 changes as well.
Is it possible to pin Kali to OpenSSL 1.1.1 for a bit longer until there's more of a QA pass on Metasploit and Kali's other tools? Fixing Metasploit's transitive dependencies in Ruby gems will take a while to sort out.
Unfortunately I don't see any obvious way to use OpenSSL 1.1.1 in Kali.
Most of the packages are from Debian (like ruby, openssl...) and Debian has switched to OpenSSL3. The packages using OpenSSL in Debian have been rebuilt against OpenSSL 3 and they now require OpenSSL3.
Ruby 3 now requires OpenSSL3 in Kali . I can't change that easily.
I need to check what I can do without breaking the other Debian packages.
Thanks for taking a look :+1:
Just an update on our side -
I'm working through upgrading metasploit-framework for improved OpenSSL 3 support currently - https://github.com/rapid7/metasploit-framework/pull/16800. The unit tests are now passing green, but there will still be modules that are broken if OpenSSL is being used and there's not a corresponding unit test to catch regressions.
So far there's 4 Ruby library dependencies that will need updated upstream to work with OpenSSL 3 - I've got PRs created for 3 of the libraries now. We might need to temporarily fork/monkey patch those libraries on Rapid7's side to unblock a release. I'm hoping to get our changes landed for the next release or so, so hopefully 1-2 weeks.
I haven't tested other Ruby tools in Kali's ecosystem, but there's the potential for those tools to also have issues.
||This is now fixed with metasploit-framework 6.2.7-0kali3 in kali repositories|
|2022-07-18 09:43||kzb||New Issue|
|2022-07-18 09:43||kzb||File Added: Screenshot_20220718_114040.png|
|2022-07-18 10:17||kzb||Note Added: 0016399|
|2022-07-18 14:43||rhertzog||Note Added: 0016400|
|2022-07-18 14:43||rhertzog||Assigned To||=> sbrun|
|2022-07-18 14:43||rhertzog||Status||new => assigned|
|2022-07-18 21:40||X0RW3LL||Note Added: 0016401|
|2022-07-18 23:33||adfoster-r7||Note Added: 0016402|
|2022-07-20 01:27||adfoster-r7||Note Added: 0016406|
|2022-07-20 10:19||sbrun||Note Added: 0016407|
|2022-07-20 12:45||adfoster-r7||Note Added: 0016408|
|2022-07-20 15:38||Demonroyal||Issue cloned: 0007809|
|2022-07-20 17:03||sbrun||Relationship added||has duplicate 0007808|
|2022-07-21 12:25||sbrun||Note Added: 0016415|
|2022-07-21 16:02||adfoster-r7||Note Added: 0016416|
|2022-07-22 09:36||daniruiz||Note Added: 0016418|
|2022-07-22 09:36||daniruiz||Status||assigned => resolved|
|2022-07-22 09:36||daniruiz||Resolution||open => fixed|
|2022-07-22 09:36||daniruiz||Fixed in Version||=> 2022.3|
|2022-08-05 12:38||g0tmi1k||Relationship added||has duplicate 0007809|