The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of BPPM

vulnerability note CVE-2016-9638

BMC Patrol: privilege escalation via virsh

Synthesis of the vulnerability

An attacker can bypass restrictions via virsh of BMC Patrol, in order to escalate his privileges.
Impacted products: PATROL, ProactiveNet Performance Management.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 05/12/2016.
Identifiers: CVE-2016-9638, VIGILANCE-VUL-21264.

Description of the vulnerability

An attacker can bypass restrictions via virsh of BMC Patrol, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2011-0975

BMC Performance: code execution via BGS_MULTIPLE_READS

Synthesis of the vulnerability

An attacker can send a malicious command to BMC Performance (BMC PATROL Agent), in order to execute code with system privileges.
Impacted products: PATROL, ProactiveNet Performance Management.
Severity: 3/4.
Consequences: administrator access/rights.
Provenance: intranet client.
Creation date: 04/02/2011.
Identifiers: BID-46151, CVE-2011-0975, QM001683974, VIGILANCE-VUL-10325, ZDI-11-039.

Description of the vulnerability

The BMC Performance (BMC PATROL Agent) products install Service Daemon and Manager Daemon which listen on the port 6768/tcp by default.

However an attacker can send to this port a BGS_MULTIPLE_READS command indicating a large size, in order to corrupt the memory.

An attacker can therefore send a malicious command to BMC Performance (BMC PATROL Agent), in order to execute code with system privileges.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2008-5982

BMC Patrol Agent: format string attack

Synthesis of the vulnerability

An attacker can use a format string attack of BMC Patrol Agent in order to execute code on the service.
Impacted products: PATROL, ProactiveNet Performance Management.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: intranet client.
Creation date: 09/12/2008.
Identifiers: BID-32692, CVE-2008-5982, VIGILANCE-VUL-8300, ZDI-08-082.

Description of the vulnerability

The BMC Patrol Agent product collects information about the system and listens on the port 3181/tcp.

Data received on the port 3181 are logged. However, the version number provided by the client is logged without using a format. For example:
  log(version);
instead of:
  log("%s", version);

An attacker can therefore use a format string attack of BMC Patrol Agent in order to execute code on the service.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2007-1972 CVE-2007-2136

BMC Patrol, Performance Manager: two vulnerabilities

Synthesis of the vulnerability

Two vulnerabilities affect BMC Patrol and Performance Manager.
Impacted products: PATROL, ProactiveNet Performance Management.
Severity: 3/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 19/04/2007.
Revision date: 20/04/2007.
Identifiers: BID-23557, BID-23559, CVE-2007-1972, CVE-2007-2136, VIGILANCE-VUL-6751, ZDI-07-019, ZDI-07-020.

Description of the vulnerability

Two vulnerabilities affect BMC Patrol and Performance Manager.

The bgs_sdservice.exe process of BMC Patrol listens on port 10128/tcp. An attacker can send malicious XDR data to this port in order to generate an overflow leading to code execution. [severity:3/4; BID-23557, CVE-2007-2136, ZDI-07-019]

The PatrolAgent.exe process of BMC Performance Manager listens on port 3181/tcp. When system uses a security level of 0, 1 or 2, an attacker can connect to this port to send SNMP commands requesting changes in masterAgentName and masterAgentStartLine parameters. The indicated command lines are then executed. [severity:3/4; BID-23559, CVE-2007-1972, ZDI-07-020]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about BPPM: