The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of BMC PATROL

security weakness CVE-2019-8352

BMC PATROL: Man-in-the-Middle via Agent

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle via Agent on BMC PATROL, in order to read or write data in the session.
Severity: 2/4.
Creation date: 21/05/2019.
Identifiers: CVE-2019-8352, VIGILANCE-VUL-29372.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can act as a Man-in-the-Middle via Agent on BMC PATROL, in order to read or write data in the session.
Full Vigil@nce bulletin... (Free trial)

cybersecurity note CVE-2018-20735

BMC PATROL Agent: privilege escalation via PatrolCli

Synthesis of the vulnerability

An attacker can bypass restrictions via PatrolCli of BMC PATROL Agent, in order to escalate his privileges.
Severity: 1/4.
Creation date: 18/01/2019.
Identifiers: CVE-2018-20735, VIGILANCE-VUL-28307.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via PatrolCli of BMC PATROL Agent, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-13130

BMC Patrol: privilege escalation via mcmnm

Synthesis of the vulnerability

An attacker can bypass restrictions via mcmnm of BMC Patrol, in order to escalate his privileges.
Severity: 2/4.
Creation date: 23/08/2017.
Identifiers: CVE-2017-13130, VIGILANCE-VUL-23595.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via mcmnm of BMC Patrol, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

threat note CVE-2016-9638

BMC Patrol: privilege escalation via virsh

Synthesis of the vulnerability

An attacker can bypass restrictions via virsh of BMC Patrol, in order to escalate his privileges.
Severity: 2/4.
Creation date: 05/12/2016.
Identifiers: CVE-2016-9638, VIGILANCE-VUL-21264.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via virsh of BMC Patrol, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

cybersecurity threat CVE-2014-2591

BMC Patrol for AIX: privilege escalation via bgscollect

Synthesis of the vulnerability

A local attacker can create a malicious library, which is loaded by bgscollect of BMC Patrol for AIX, in order to escalate his privileges.
Severity: 2/4.
Creation date: 14/04/2014.
Identifiers: CVE-2014-2591, VIGILANCE-VUL-14589.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The BMC Patrol for AIX product installs the bgscollect program to collect information about the system. It is installed suid root.

However, it is compiled with an empty RPATH, so it accepts to load libraries located in the current directory.

A local attacker can therefore create a malicious library, which is loaded by bgscollect of BMC Patrol for AIX, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

security announce CVE-2011-0975

BMC Performance: code execution via BGS_MULTIPLE_READS

Synthesis of the vulnerability

An attacker can send a malicious command to BMC Performance (BMC PATROL Agent), in order to execute code with system privileges.
Severity: 3/4.
Creation date: 04/02/2011.
Identifiers: BID-46151, CVE-2011-0975, QM001683974, VIGILANCE-VUL-10325, ZDI-11-039.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The BMC Performance (BMC PATROL Agent) products install Service Daemon and Manager Daemon which listen on the port 6768/tcp by default.

However an attacker can send to this port a BGS_MULTIPLE_READS command indicating a large size, in order to corrupt the memory.

An attacker can therefore send a malicious command to BMC Performance (BMC PATROL Agent), in order to execute code with system privileges.
Full Vigil@nce bulletin... (Free trial)

computer threat note CVE-2008-5982

BMC Patrol Agent: format string attack

Synthesis of the vulnerability

An attacker can use a format string attack of BMC Patrol Agent in order to execute code on the service.
Severity: 3/4.
Creation date: 09/12/2008.
Identifiers: BID-32692, CVE-2008-5982, VIGILANCE-VUL-8300, ZDI-08-082.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The BMC Patrol Agent product collects information about the system and listens on the port 3181/tcp.

Data received on the port 3181 are logged. However, the version number provided by the client is logged without using a format. For example:
  log(version);
instead of:
  log("%s", version);

An attacker can therefore use a format string attack of BMC Patrol Agent in order to execute code on the service.
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2007-1972 CVE-2007-2136

BMC Patrol, Performance Manager: two vulnerabilities

Synthesis of the vulnerability

Two vulnerabilities affect BMC Patrol and Performance Manager.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 19/04/2007.
Revision date: 20/04/2007.
Identifiers: BID-23557, BID-23559, CVE-2007-1972, CVE-2007-2136, VIGILANCE-VUL-6751, ZDI-07-019, ZDI-07-020.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Two vulnerabilities affect BMC Patrol and Performance Manager.

The bgs_sdservice.exe process of BMC Patrol listens on port 10128/tcp. An attacker can send malicious XDR data to this port in order to generate an overflow leading to code execution. [severity:3/4; BID-23557, CVE-2007-2136, ZDI-07-019]

The PatrolAgent.exe process of BMC Performance Manager listens on port 3181/tcp. When system uses a security level of 0, 1 or 2, an attacker can connect to this port to send SNMP commands requesting changes in masterAgentName and masterAgentStartLine parameters. The indicated command lines are then executed. [severity:3/4; BID-23559, CVE-2007-1972, ZDI-07-020]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.