Quest Privilege Manager pmmasterd Buffer Overflow
Disclosed | Created |
---|---|
04/09/2017 | 05/30/2018 |
Description
This module exploits a buffer overflow in the Quest Privilege Manager,
software used to integrate Active Directory with Linux and Unix
systems. The vulnerability exists in the pmmasterd daemon, and can only
be triggered when the host has been configured as a policy server
(Privilege Manager for Unix or Quest Sudo Plugin). A buffer overflow
condition exists when handling requests of type ACT_ALERT_EVENT, where
the size of a memcpy can be controlled by the attacker. This module
only works against version vulnerable, but not supported by this module (a stack cookie bypass is
required). NOTE: To use this module it is required to be able to bind a
privileged port ( from unprivileged ports, which in most situations means that root
privileges are required.
Author
m0t
Platform
Unix
Architectures
cmd
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
    msf > use exploit/linux/misc/quest_pmmasterd_bof
    msf /(f) > show actions
    ...actions...
    msf /(f) > set ACTION <action-name>
    msf /(f) > show options
    ...show and set options...
    msf /(f) > run
