PT-2017-17119 · Microsoft · Azure Data Expert Ultimate

Peter Baris · Published 2017-03-10 · Updated 2017-03-15 · CVE-2017-6506

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Azure Data Expert Ultimate version 2.2.16

Description

The issue is related to a buffer overflow in the SMTP verification function, which can lead to remote code execution. This occurs when a crafted SMTP daemon sends a long "Service ready" string, specifically the 220 response code.

Recommendations

For Azure Data Expert Ultimate version 2.2.16, consider disabling the SMTP verification function until a patch is available to prevent potential remote code execution. Restrict access to the SMTP daemon to minimize the risk of exploitation. Avoid using the SMTP verification function with untrusted or unknown SMTP daemons until the issue is resolved.
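
The description above comes down to a client copying the server's 220 greeting without checking its length. The following is an added example of a bounded greeting parser, not code from the vendor or from this advisory; the function name, status codes and buffer sizes are hypothetical, and the 512-octet limit is the reply-line maximum from RFC 5321.

```c
#include <stddef.h>
#include <string.h>

/* RFC 5321 section 4.5.3.1.5: a reply line, CRLF included, is at most 512 octets. */
#define SMTP_REPLY_MAX 512

enum greeting_status {
    GREETING_OK = 0,
    GREETING_INCOMPLETE,   /* no line terminator yet: read more, then retry */
    GREETING_TOO_LONG,     /* no terminator within SMTP_REPLY_MAX: drop the connection */
    GREETING_NOT_220,      /* line does not start with a well-formed 220 code */
    GREETING_NO_ROOM       /* caller's buffer cannot hold the text: nothing copied */
};

/*
 * Hypothetical helper: validate the first reply line in rx[0..rx_len) and copy
 * its text (after "220 " or "220-") into out as a NUL-terminated string.
 * Every length is checked before any byte is written to out.
 */
enum greeting_status parse_greeting(const unsigned char *rx, size_t rx_len,
                                    char *out, size_t out_cap)
{
    size_t scan = rx_len < SMTP_REPLY_MAX ? rx_len : SMTP_REPLY_MAX;
    const unsigned char *nl = memchr(rx, '\n', scan);
    size_t line_len, text_off, text_len;

    if (nl == NULL)
        return rx_len >= SMTP_REPLY_MAX ? GREETING_TOO_LONG : GREETING_INCOMPLETE;

    line_len = (size_t)(nl - rx);
    if (line_len > 0 && rx[line_len - 1] == '\r')
        line_len--;                         /* strip the CR of CRLF */

    if (line_len < 3 || memcmp(rx, "220", 3) != 0)
        return GREETING_NOT_220;
    if (line_len > 3 && rx[3] != ' ' && rx[3] != '-')
        return GREETING_NOT_220;            /* e.g. "2201..." is not code 220 */

    text_off = line_len > 3 ? 4 : 3;
    text_len = line_len - text_off;
    if (out_cap == 0 || text_len >= out_cap)
        return GREETING_NO_ROOM;            /* refuse rather than overflow or truncate */

    memcpy(out, rx + text_off, text_len);
    out[text_len] = '\0';
    return GREETING_OK;
}
```

A caller would treat GREETING_TOO_LONG and GREETING_NO_ROOM as a failed verification and close the connection instead of retrying with the same data.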

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2017-6506

Affected Products

Azure Data Expert Ultimate