The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of PATROL

computer vulnerability CVE-2017-13130

BMC Patrol: privilege escalation via mcmnm

Synthesis of the vulnerability

An attacker can bypass restrictions via mcmnm of BMC Patrol, in order to escalate his privileges.
Impacted products: PATROL.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 23/08/2017.
Identifiers: CVE-2017-13130, VIGILANCE-VUL-23595.

Description of the vulnerability

An attacker can bypass restrictions via mcmnm of BMC Patrol, in order to escalate his privileges.

vulnerability note CVE-2016-9638

BMC Patrol: privilege escalation via virsh

Synthesis of the vulnerability

An attacker can bypass restrictions via virsh of BMC Patrol, in order to escalate his privileges.
Impacted products: PATROL, ProactiveNet Performance Management.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 05/12/2016.
Identifiers: CVE-2016-9638, VIGILANCE-VUL-21264.

Description of the vulnerability

An attacker can bypass restrictions via virsh of BMC Patrol, in order to escalate his privileges.

computer vulnerability note CVE-2014-2591

BMC Patrol for AIX: privilege escalation via bgscollect

Synthesis of the vulnerability

A local attacker can create a malicious library, which is loaded by bgscollect of BMC Patrol for AIX, in order to escalate his privileges.
Impacted products: PATROL.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 14/04/2014.
Identifiers: CVE-2014-2591, VIGILANCE-VUL-14589.

Description of the vulnerability

The BMC Patrol for AIX product installs the bgscollect program to collect information about the system. It is installed suid root.

However, it is compiled with an empty RPATH, so it will load libraries located in the current directory.

A local attacker can therefore create a malicious library, which is loaded by bgscollect of BMC Patrol for AIX, in order to escalate his privileges.
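
The condition described above can be checked for when auditing the library search path recorded in a privileged binary. The following is an added example, not part of the original bulletin or of BMC's code: the function name and sample paths are constructed, and it assumes the loader resolves an empty or relative path component against the current working directory.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical audit helper (the name is an assumption, not a BMC or AIX API).
 * Counts components of a colon-separated library search path that do not
 * name an absolute directory. Assumption: the loader resolves an empty
 * component, "." or any other relative component against the current
 * working directory, which the invoking user controls. */
int count_unsafe_components(const char *search_path)
{
    int unsafe = 0;
    const char *start = search_path;

    for (;;) {
        const char *end = strchr(start, ':');
        size_t len = end ? (size_t)(end - start) : strlen(start);

        /* An empty component (including a wholly empty path) or one that
         * does not begin with '/' is relative to the working directory. */
        if (len == 0 || start[0] != '/')
            unsafe++;

        if (!end)
            break;
        start = end + 1;
    }
    return unsafe;
}

int main(void)
{
    /* Constructed sample values, not taken from any real binary. */
    const char *samples[] = {
        "", "/usr/lib:/lib", "/usr/lib::/lib", ".:/usr/lib", "/opt/app/lib:lib"
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("\"%s\" -> unsafe components: %d\n",
               samples[i], count_unsafe_components(samples[i]));
    return 0;
}
```

Any non-zero result for a setuid or setgid program is worth fixing at link time by recording only absolute, root-owned directories.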

computer vulnerability CVE-2011-0975

BMC Performance: code execution via BGS_MULTIPLE_READS

Synthesis of the vulnerability

An attacker can send a malicious command to BMC Performance (BMC PATROL Agent), in order to execute code with system privileges.
Impacted products: PATROL, ProactiveNet Performance Management.
Severity: 3/4.
Consequences: administrator access/rights.
Provenance: intranet client.
Creation date: 04/02/2011.
Identifiers: BID-46151, CVE-2011-0975, QM001683974, VIGILANCE-VUL-10325, ZDI-11-039.

Description of the vulnerability

The BMC Performance (BMC PATROL Agent) products install a Service Daemon and a Manager Daemon, which listen on port 6768/tcp by default.

However, an attacker can send a BGS_MULTIPLE_READS command indicating a large size to this port, in order to corrupt memory.

An attacker can therefore send a malicious command to BMC Performance (BMC PATROL Agent), in order to execute code with system privileges.

vulnerability CVE-2008-5982

BMC Patrol Agent: format string attack

Synthesis of the vulnerability

An attacker can use a format string attack against BMC Patrol Agent in order to execute code on the service.
Impacted products: PATROL, ProactiveNet Performance Management.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: intranet client.
Creation date: 09/12/2008.
Identifiers: BID-32692, CVE-2008-5982, VIGILANCE-VUL-8300, ZDI-08-082.

Description of the vulnerability

The BMC Patrol Agent product collects information about the system and listens on port 3181/tcp.

Data received on port 3181 is logged. However, the version number provided by the client is logged without using a format string. For example:
  log(version);
instead of:
  log("%s", version);

An attacker can therefore use a format string attack against BMC Patrol Agent in order to execute code on the service.
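
The two call shapes above, as an added example that is not the agent's code: `log_msg`, the in-memory log sink and the sample version value are constructed for illustration. The format attribute lets GCC and Clang flag the flawed call site with `-Wformat-security`, and a harmless `%%` input shows that the flawed shape interprets client data while the fixed shape logs it verbatim.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_entry[256];   /* stand-in for the log sink */

/* Hypothetical logger (not the agent's real function). The format attribute
 * makes the compiler check every call site, so -Wformat-security reports
 * log_msg(version) whenever version is not a string literal. */
__attribute__((format(printf, 1, 2)))
int log_msg(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(last_entry, sizeof last_entry, fmt, ap);
    va_end(ap);
    return n;
}

/* Fixed call shape from the bulletin: client data is only ever an argument. */
const char *log_version_safe(const char *version)
{
    log_msg("%s", version);
    return last_entry;
}

/* Flawed call shape from the bulletin: client data is the format itself.
 * Kept only to show the difference; the warnings are silenced so it builds. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
const char *log_version_flawed(const char *version)
{
    log_msg(version);
    return last_entry;
}
#pragma GCC diagnostic pop

int main(void)
{
    const char *version = "9.5%%";   /* constructed client-supplied value */
    printf("safe:   [%s]\n", log_version_safe(version));
    printf("flawed: [%s]\n", log_version_flawed(version));
    return 0;
}
```

Building the rest of a code base with `-Wformat -Wformat-security -Werror` turns every remaining call of the flawed shape into a compile error.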

vulnerability alert CVE-2007-1972 CVE-2007-2136

BMC Patrol, Performance Manager: two vulnerabilities

Synthesis of the vulnerability

Two vulnerabilities affect BMC Patrol and Performance Manager.
Impacted products: PATROL, ProactiveNet Performance Management.
Severity: 3/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 19/04/2007.
Revision date: 20/04/2007.
Identifiers: BID-23557, BID-23559, CVE-2007-1972, CVE-2007-2136, VIGILANCE-VUL-6751, ZDI-07-019, ZDI-07-020.

Description of the vulnerability

Two vulnerabilities affect BMC Patrol and Performance Manager.

The bgs_sdservice.exe process of BMC Patrol listens on port 10128/tcp. An attacker can send malicious XDR data to this port in order to generate an overflow leading to code execution. [severity:3/4; BID-23557, CVE-2007-2136, ZDI-07-019]

The PatrolAgent.exe process of BMC Performance Manager listens on port 3181/tcp. When the system uses a security level of 0, 1 or 2, an attacker can connect to this port to send SNMP commands requesting changes to the masterAgentName and masterAgentStartLine parameters. The indicated command lines are then executed. [severity:3/4; BID-23559, CVE-2007-1972, ZDI-07-020]