The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of BMC Patrol for AIX: privilege escalation via bgscollect

Synthesis of the vulnerability 

A local attacker can create a malicious library, which is loaded by bgscollect of BMC Patrol for AIX, in order to escalate his privileges.
Impacted products: PATROL.
Severity of this bulletin: 2/4.
Creation date: 14/04/2014.
References of this threat: CVE-2014-2591, VIGILANCE-VUL-14589.

Description of the vulnerability 

The BMC Patrol for AIX product installs the bgscollect program to collect information about the system. It is installed suid root.

However, it is compiled with an empty RPATH, so it loads libraries located in the current directory.

A local attacker can therefore create a malicious library, which is loaded by bgscollect of BMC Patrol for AIX, in order to escalate his privileges.

This computer threat note impacts software or systems such as PATROL.

Our Vigil@nce team determined that the severity of this weakness alert is medium.

The trust level is "confirmed by a trusted third party", and the origin is a user shell.

An attacker with expert ability can exploit this computer weakness.

Solutions for this threat 

BMC Patrol for AIX: workaround for bgscollect.
A workaround is to remove the suid bit of /product/bmc/Patrol3/AIX6.1.0.0-64/best1/9.0.00/bgs/bin/bgscollect.
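
A defender's check for the two conditions this bulletin combines (a suid file and a library search path with an entry that resolves to the current directory), as an added example that is not part of the bulletin. The function names and sample paths are constructed; the search path string is supplied by the caller (on AIX it appears in the loader section printed by `dump -H`).

```bash
# Added example (not from the bulletin). Function names are illustrative.

# Print each entry of a colon-separated library search path that resolves
# relative to the caller's current directory: an empty entry (empty string,
# leading, trailing or doubled colon) or a non-absolute path.
# Returns 0 if at least one unsafe entry was found, 1 otherwise.
unsafe_libpath_entries() {
    local rest="$1:" entry idx=0 rc=1
    while [ -n "$rest" ]; do
        entry="${rest%%:*}"     # text before the first colon
        rest="${rest#*:}"       # drop that entry and its colon
        case "$entry" in
            "") echo "entry $idx: empty (current directory)"; rc=0 ;;
            /*) ;;              # absolute path: not flagged by this check
            *)  echo "entry $idx: relative path '$entry'"; rc=0 ;;
        esac
        idx=$((idx + 1))
    done
    return "$rc"
}

# Report a file only when both conditions hold: the set-user-ID bit is set
# AND its search path has an unsafe entry.
# Returns 0 when the file is exposed, 1 otherwise (including after the
# workaround of removing the suid bit).
audit_setuid_binary() {
    local file="$1" libpath="$2" findings
    [ -u "$file" ] || return 1
    findings=$(unsafe_libpath_entries "$libpath") || return 1
    printf '%s: suid with unsafe library path "%s"\n%s\n' \
        "$file" "$libpath" "$findings"
    return 0
}

# Constructed sample paths (not taken from the bulletin).
for p in "/usr/lib:/lib" ":/usr/lib:/lib" ""; do
    printf 'path "%s"\n' "$p"
    unsafe_libpath_entries "$p" || echo "no unsafe entries"
done
```
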
