CVE-2017-6416
Published 2017-03-06
Priority P263 · critical · 9.8 CVSS 3.0
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 10.77% (95.3th percentile)
An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flexense | sysgauge | — | — |
Detection & IOCs (extracted from sources)
- Monitor for SysGauge client connections to rogue or unexpected SMTP servers; a malicious SMTP server sends an abnormally long 220 "Service ready" banner to trigger the buffer overflow.
- A Metasploit module exists for this vulnerability (windows/smtp/sysgauge_client_bof); use of this module, or related artifacts on a host, should be treated as a high-confidence indicator of an exploitation attempt.
- Exploitation requires the victim SysGauge 1.5.18 client to initiate an SMTP server validation connection toward an attacker-controlled SMTP server; the attacker must be positioned to respond with a crafted 220 banner.
- Successful exploitation yields only an unprivileged shell; further privilege escalation steps would be required for full system compromise.
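CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |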
No detection rules found.