PT-2018-6602 · Syncbreeze · Syncbreeze Enterprise

Ryantzj · Published 2018-02-06 · Updated 2018-02-27 · CVE-2017-17996

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: SyncBreeze Enterprise versions prior to 10.3.14
Description: A buffer overflow exists in the Add command functionality. An authenticated attacker can trigger it by submitting a command name longer than 5000 characters, potentially causing the SyncBreeze Enterprise server to terminate and possibly allowing remote command execution with SYSTEM privileges.
Recommendations: For versions prior to 10.3.14, update to a version that contains a fix for this issue to prevent potential remote command execution. As a temporary workaround, consider restricting the length of command names submitted to the Add command functionality to prevent buffer overflow.

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2017-17996

Affected Products

Syncbreeze Enterprise