CVE-2017-6553

Published: 29/04/2017 Updated: 13/08/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Buffer Overflow in Quest One Identity Privilege Manager for Unix prior to 6.0.0.061 allows remote malicious users to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon.

Vulnerable Product

quest privilege manager for unix

Exploits

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  include Exploit::Remote::Tcp

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Quest Privilege Manag ...

Mailing Lists

This Metasploit module exploits a buffer overflow in the Quest Privilege Manager, a software used to integrate Active Directory with Linux and Unix systems. The vulnerability exists in the pmmasterd daemon, and can only be triggered when the host has been configured as a policy server (Privilege Manager for Unix or Quest Sudo Plugin). A buffer overf ...

Metasploit Modules

Quest Privilege Manager pmmasterd Buffer Overflow

This module exploits a buffer overflow in the Quest Privilege Manager, a software used to integrate Active Directory with Linux and Unix systems. The vulnerability exists in the pmmasterd daemon, and can only be triggered when the host has been configured as a policy server (Privilege Manager for Unix or Quest Sudo Plugin). A buffer overflow condition exists when handling requests of type ACT_ALERT_EVENT, where the size of a memcpy can be controlled by the attacker. This module only works against versions < 6.0.0-27. Versions up to 6.0.0-50 are also vulnerable, but not supported by this module (a stack cookie bypass is required). NOTE: To use this module, it must be possible to bind a privileged port (<=1024), as the server refuses connections coming from unprivileged ports; in most situations this means that root privileges are required.

      msf > use exploit/linux/misc/quest_pmmasterd_bof
      msf exploit(quest_pmmasterd_bof) > show targets
            ...targets...
      msf exploit(quest_pmmasterd_bof) > set TARGET <target-id>
      msf exploit(quest_pmmasterd_bof) > show options
            ...show and set options...
      msf exploit(quest_pmmasterd_bof) > exploit