Published: 14/04/2017 Updated: 03/10/2019

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2

VMScore: 905

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

pmmasterd in Quest Privilege Manager prior to 6.0.0.061, when configured as a policy server, allows remote malicious users to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
quest privilege manager 6.0.0-27
quest privilege manager 6.0.0-50

#!/usr/bin/env python2 """ # Exploit Title: Quest Privilege Manager pmmasterd Arbitrary File Write # Date: 10/Mar/2017 # Exploit Author: m0t # Vendor Homepage: wwwquestcom/products/privilege-manager-for-unix/ # Version: 600-27, 600-50 # Tested on: ubuntu 1404 x86_64, ubuntu 1604 x86, ubuntu 1204 x86 # CVE : 2017-6554 REQUIREMENTS ...

CWE-20 https://www.exploit-db.com/exploits/41861/http://packetstormsecurity.com/files/142095/Quest-Privilege-Manager-6.0.0-Arbitrary-File-Write.html http://www.securityfocus.com/bid/97686 https://support.oneidentity.com/privilege-manager-for-unix/kb/SOL133824 https://0xdeadface.wordpress.com/2017/04/07/multiple-vulnerabilities-in-quest-privilege-manager-6-0-0-xx-cve-2017-6553-cve-2017-6554/https://nvd.nist.gov https://www.exploit-db.com/exploits/41861/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-6554

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect