CVE-2017-6553 : Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full

Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon.

Published 2017-04-29 16:59:00

Updated 2017-08-13 01:29:21

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowMemory Corruption

Exploit prediction scoring system (EPSS) score for CVE-2017-6553

Probability of exploitation activity in the next 30 days: 61.25%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2017-6553

Quest Privilege Manager pmmasterd Buffer Overflow

Disclosure Date: 2017-04-09

First seen: 2020-04-26

exploit/linux/misc/quest_pmmasterd_bof

This modules exploits a buffer overflow in the Quest Privilege Manager, a software used to integrate Active Directory with Linux and Unix systems. The vulnerability exists in the pmmasterd daemon, and can only triggered when the host has been configured as a policy s

More information

CVSS scores for CVE-2017-6553

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-6553

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-6553

https://0xdeadface.wordpress.com/2017/04/07/multiple-vulnerabilities-in-quest-privilege-manager-6-0-0-xx-cve-2017-6553-cve-2017-6554/

Multiple Vulnerabilities in Quest Privilege Manager 6.0.0.xx (CVE-2017-6553, CVE-2017-6554) | 0xDEADFACE
Third Party Advisory

CVEs referencing this url
https://www.exploit-db.com/exploits/42010/

Quest Privilege Manager - pmmasterd Buffer Overflow (Metasploit)
https://support.oneidentity.com/privilege-manager-for-unix/kb/SOL133824

Privilege Manager for Unix Hotfix 6.0.0.061 (133824)
Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2017-6553

Quest » Privilege Manager For Unix
Versions up to, including, (<=) 6.0.0-50
cpe:2.3:a:quest:privilege_manager_for_unix:*:*:*:*:*:*:*:*
Matching versions