The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of BMC Patrol, Performance Manager: two vulnerabilities

Synthesis of the vulnerability 

Two vulnerabilities affect BMC Patrol and Performance Manager.
Vulnerable software: PATROL, ProactiveNet Performance Management.
Severity of this announcement: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 19/04/2007.
Revision date: 20/04/2007.
References of this computer vulnerability: BID-23557, BID-23559, CVE-2007-1972, CVE-2007-2136, VIGILANCE-VUL-6751, ZDI-07-019, ZDI-07-020.

Description of the vulnerability 

Two vulnerabilities affect BMC Patrol and Performance Manager.

The bgs_sdservice.exe process of BMC Patrol listens on port 10128/tcp. An attacker can send malicious XDR data to this port in order to generate an overflow leading to code execution. [severity:3/4; BID-23557, CVE-2007-2136, ZDI-07-019]

The PatrolAgent.exe process of BMC Performance Manager listens on port 3181/tcp. When the system uses a security level of 0, 1 or 2, an attacker can connect to this port and send SNMP commands requesting changes to the masterAgentName and masterAgentStartLine parameters. The indicated command lines are then executed. [severity:3/4; BID-23559, CVE-2007-1972, ZDI-07-020]
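
To check a host for the two listeners described above, the following added example (not part of the original bulletin and not BMC code) parses `netstat -ano -p TCP` output and reports listeners on 10128/tcp and 3181/tcp that are bound to a non-loopback address, plus established peers outside a management range. The netstat sample and the 10.0.1.0/24 management network are constructed assumptions.

```python
import ipaddress

# Ports and processes named in the bulletin.
WATCHED_PORTS = {10128: "bgs_sdservice.exe", 3181: "PatrolAgent.exe"}

# Constructed sample of `netstat -ano -p TCP` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:10128          0.0.0.0:0              LISTENING       2140
  TCP    127.0.0.1:3181         0.0.0.0:0              LISTENING       3012
  TCP    10.0.5.20:3181         10.0.9.77:49822        ESTABLISHED     3012
  TCP    10.0.5.20:10128        10.0.1.10:51544        ESTABLISHED     2140
  TCP    [::]:10128             [::]:0                 LISTENING       2140
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr%zone]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any IPv6 zone id
    return ipaddress.ip_address(host), int(port)

def audit(netstat_text, management_nets):
    """Return findings for the watched ports: exposed listeners, unexpected peers."""
    allowed = [ipaddress.ip_network(n) for n in management_nets]
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, blank or non-TCP line
        (local_ip, local_port), (peer_ip, _) = map(split_endpoint, fields[1:3])
        if local_port not in WATCHED_PORTS:
            continue
        service, state = WATCHED_PORTS[local_port], fields[3]
        if state == "LISTENING" and not local_ip.is_loopback:
            # Reachable from the network unless a firewall blocks the port.
            findings.append(("exposed-listener", service, str(local_ip), local_port))
        elif state == "ESTABLISHED" and not any(peer_ip in n for n in allowed):
            findings.append(("unexpected-peer", service, str(peer_ip), local_port))
    return findings

if __name__ == "__main__":
    # 10.0.1.0/24 is a hypothetical management network.
    for finding in audit(SAMPLE_NETSTAT, ["10.0.1.0/24"]):
        print(finding)
```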

This vulnerability announcement impacts software or systems such as PATROL, ProactiveNet Performance Management.

Our Vigil@nce team determined that the severity of this cybersecurity threat is important.

The trust level is "confirmed by a trusted third party", and the origin is "intranet client".

This bulletin is about 2 vulnerabilities.

An attacker with expert ability can exploit this computer threat.

Solutions for this threat 

BMC Patrol, Performance Manager: solution.
BMC has to be contacted to obtain the solution.
