CVE-2017-6553

CRITICAL

Quest Privilege Manager for Unix < 6.0.0-50 - Buffer Overflow via ACT_ALERT_EVENT Request

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-6553. PoCs were published by Metasploit and m0t, including the Metasploit module exploits/linux/misc/quest_pmmasterd_bof.

AI-analyzed exploit summary: This Metasploit module exploits a buffer overflow in Quest Privilege Manager's pmmasterd daemon via a crafted ACT_ALERT_EVENT request, leading to remote code execution. It includes ROP chains for both x64 and x86 architectures to bypass stack protections and execute arbitrary commands.

Description

Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/42010

This Metasploit module exploits a buffer overflow in Quest Privilege Manager's pmmasterd daemon via a crafted ACT_ALERT_EVENT request, leading to remote code execution. It includes ROP chains for both x64 and x86 architectures to bypass stack protections and execute arbitrary commands.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Quest Privilege Manager pmmasterd < 6.0.0-27
No auth needed
Prerequisites: Network access to pmmasterd (port 12345) · Ability to bind a privileged port (<=1024) · Target configured as a policy server
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · NORMAL
by m0t · ruby · poc · unix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/quest_pmmasterd_bof.rb

This Metasploit module exploits a buffer overflow in Quest Privilege Manager's pmmasterd daemon (CVE-2017-6553) by sending a maliciously crafted packet to trigger a memcpy-based overflow, leading to remote code execution via ROP chains for x64 and x86 architectures.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Quest Privilege Manager pmmasterd < 6.0.0-27
No auth needed
Prerequisites: Network access to pmmasterd (port 12345) · Ability to bind to a privileged port (<=1024) · Target configured as a policy server
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 9.8
EPSS: 0.4229
EPSS Percentile: 98.5%
Attack Vector: NETWORK
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-119
Status: published
Products (1): quest/privilege_manager_for_unix < 6.0.0-50
Published: Apr 29, 2017
Tracked Since: Feb 18, 2026