BMC PatrolAgent Version Logging Format String Vulnerability
ZDI-08-082: December 8th, 2008
CVE ID
Affected Vendors
Affected Products
- Patrol
TippingPoint™ IPS Customer Protection
TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 6129. For further product information on the TippingPoint IPS:
Vulnerability Details
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of BMC PatrolAgent. Authentication is not required to exploit this vulnerability.
The specific flaw exists due to a format string handling error during log message writing. Supplying an invalid version number containing format string tokens to a vulnerable target on TCP port 3181 triggers an exploitable format string vulnerability which can result in arbitrary code execution.
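The bug class described above, shown next to a hardened form. This is an added example, not BMC's code and not part of the original advisory; the function names, the dotted-decimal version policy and the 32-byte limit are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#ifdef SHOW_VULNERABLE_PATTERN
/* Bug class from the advisory: peer-supplied text used as the format itself,
 * so any conversion specifiers in it are interpreted by the printf family. */
static void log_version_unsafe(FILE *log, const char *peer_version)
{
    fprintf(log, peer_version);
}
#endif

/* Accept only dotted-decimal versions such as "3.7.30" (assumed policy). */
int version_is_valid(const char *v)
{
    size_t n = strlen(v);
    if (n == 0 || n > 32)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isdigit((unsigned char)v[i]) && v[i] != '.')
            return 0;
    return 1;
}

/* Hardened logger: constant format string, untrusted text passed only as an
 * argument. Returns 1 if the version was accepted, 0 if it was rejected. */
int log_version_safe(char *out, size_t outlen, const char *peer_version)
{
    if (!version_is_valid(peer_version)) {
        /* Record the rejection for detection without echoing the raw bytes. */
        snprintf(out, outlen, "rejected malformed version (%zu bytes)",
                 strlen(peer_version));
        return 0;
    }
    snprintf(out, outlen, "peer version: %s", peer_version);
    return 1;
}

int main(void)
{
    char line[128];
    const char *samples[] = { "3.7.30", "3.7.%x%x" };  /* constructed inputs */
    for (size_t i = 0; i < 2; i++) {
        log_version_safe(line, sizeof line, samples[i]);
        puts(line);
    }
    return 0;
}
```

Building with `-Wformat -Wformat-security` (GCC or Clang) flags the non-literal format call in the guarded block at compile time.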
Vendor Response
BMC Software states:
BMC has issued an update to correct this vulnerability. Customers should upgrade PATROL Agent to version 3.7.30.
Disclosure Timeline
- 2008-05-08 - Vulnerability reported to vendor
- 2008-12-08 - Coordinated public release of advisory
Credit
This vulnerability was discovered by:
- Anonymous
