Advisory Details

December 8th, 2008

BMC PatrolAgent Version Logging Format String Vulnerability

ZDI-08-082
ZDI-CAN-325

CVE ID CVE-2008-5982
CVSS SCORE
AFFECTED VENDORS BMC Software
AFFECTED PRODUCTS Patrol
TIPPINGPOINT™ IPS CUSTOMER PROTECTION TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 6129. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of BMC PatrolAgent. Authentication is not required to exploit this vulnerability.

The specific flaw exists due to a format string handling error during log message writing. Supplying an invalid version number containing format string tokens to a vulnerable target on TCP port 3181 triggers an exploitable format string vulnerability which can result in arbitrary code execution.
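The bug class described above, as an added example that is not part of the advisory and is not BMC's code: a hypothetical logger that writes a peer-supplied version string in the flawed and the corrected form, plus an input check applied before logging. The function names, buffer sizes and the version grammar are assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical log sink (stand-in for a file or syslog writer). */
static int log_write(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Flawed: peer text lands inside the format string and is interpreted. */
int log_version_unsafe(char *out, size_t n, const char *version)
{
    char msg[128];
    snprintf(msg, sizeof msg, "unsupported version: %s", version);
    return log_write(out, n, msg);
}

/* Corrected: constant format string, peer data only as an argument. */
int log_version_safe(char *out, size_t n, const char *version)
{
    return log_write(out, n, "unsupported version: %s", version);
}

/* Assumed grammar: digits separated by single dots, at most 16 bytes. */
int version_is_wellformed(const char *v)
{
    size_t len = strlen(v);
    if (len == 0 || len > 16 || v[0] == '.' || v[len - 1] == '.')
        return 0;
    for (size_t i = 0; i < len; i++) {
        if (v[i] == '.' && v[i + 1] == '.')
            return 0;
        if (v[i] != '.' && (v[i] < '0' || v[i] > '9'))
            return 0;
    }
    return 1;
}

int main(void)
{
    char out[128];  /* "3.7%%" below is a constructed, harmless input */
    log_version_unsafe(out, sizeof out, "3.7%%"); puts(out); /* "%%" collapses to "%" */
    log_version_safe(out, sizeof out, "3.7%%");   puts(out); /* logged verbatim */
    return 0;
}
```

Declaring `log_write` with GCC/Clang's `__attribute__((format(printf, 3, 4)))` and compiling with `-Wformat-security` makes the compiler flag the call in `log_version_unsafe`.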

VENDOR RESPONSE BMC Software states:

BMC has issued an update to correct this vulnerability. Customers should upgrade PATROL Agent to version 3.7.30.


DISCLOSURE TIMELINE
  • 2008-05-08 - Vulnerability reported to vendor
  • 2008-12-08 - Coordinated public release of advisory
CREDIT Anonymous