CVE-2017-6416
published 2017-03-06

Priority: P263 · critical · 9.8 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 10.77% (95.3th percentile)
An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.

Affected

1 range
Vendor | Product | Version range | Fixed in
flexense | sysgauge | |

Detection & IOCs (extracted from sources)

version: SysGauge 1.5.18
other: SMTP 220 Service Ready oversized response string
  • Monitor for SysGauge client connections to rogue/unexpected SMTP servers; a malicious SMTP server sends an abnormally long 220 'Service ready' banner to trigger the buffer overflow.
  • A Metasploit module exists for this vulnerability (windows/smtp/sysgauge_client_bof); presence of this module in use or related artifacts on a host should be treated as a high-confidence indicator of an exploitation attempt.
  • Exploitation requires the victim SysGauge 1.5.18 client to initiate an SMTP server validation connection toward an attacker-controlled SMTP server; the attacker must be positioned to respond with a crafted 220 banner.
  • Successful exploitation yields only an unprivileged shell; further privilege escalation steps would be required for full system compromise.
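
The banner-length check from the first detection note, as an added example (not from this page or its sources). The page gives no threshold, so the 512-octet reply-line limit from RFC 5321 is used here as an assumption; check_greeting and the sample streams are hypothetical and constructed.

```python
"""Flag SMTP greetings whose 220 reply lines exceed the RFC 5321 limit."""

MAX_REPLY_LINE = 512  # RFC 5321 4.5.3.1.5: reply line limit, CRLF included (assumed threshold)


def check_greeting(server_bytes, limit=MAX_REPLY_LINE):
    """Return findings for the greeting at the start of a server-to-client stream.

    server_bytes is the first data an SMTP server sent, e.g. reassembled from a
    pcap or a proxy log. An empty list means the greeting looks well-formed.
    """
    findings = []
    pos = 0
    while True:
        end = server_bytes.find(b"\r\n", pos)
        terminated = end != -1
        line = server_bytes[pos:end] if terminated else server_bytes[pos:]
        length = len(line) + 2  # count the CRLF a compliant server would send
        if length > limit:
            findings.append(f"oversized reply line: {length} octets (limit {limit})")
        if not terminated:
            if length <= limit:
                findings.append("greeting not terminated by CRLF")
            break
        # "220-" means another greeting line follows; "220 " or any other
        # reply code ends the greeting, so parsing stops there.
        if line[:3] != b"220" or line[3:4] != b"-":
            break
        pos = end + 2
    return findings


# Constructed sample streams (not captured traffic).
SAMPLES = {
    "normal": b"220 mail.example.test ESMTP ready\r\n",
    "multiline": b"220-mail.example.test\r\n220 ready\r\n",
    "long banner": b"220 " + b"A" * 2000 + b"\r\n",
    "long second line": b"220-hi\r\n220 " + b"B" * 600 + b"\r\n",
}

if __name__ == "__main__":
    for name, stream in SAMPLES.items():
        print(f"{name}: {check_greeting(stream) or 'ok'}")
```

The same function can be run over the server side of each outbound port-25 session from hosts that have SysGauge installed, alerting on any non-empty result.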

CVSS provenance

nvd · v3.0 · 9.8 CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P