CyberSec.Space Logo
Back to CVE Browser

CVE-2008-5982

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1780%
EPSS Percentile18.07th
PublishedJan 27, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message.

Affected Platforms (CPE)

πŸ“¦
Bmc

Patrol Agent

<= 3.7
πŸ“¦
Bmc

Patrol Agent

= 3.2
πŸ“¦
Bmc

Patrol Agent

= 3.2.3
πŸ“¦
Bmc

Patrol Agent

= 3.2.5
πŸ“¦
Bmc

Patrol Agent

= 3.2.7
πŸ“¦
Bmc

Patrol Agent

= 3.3.00
πŸ“¦
Bmc

Patrol Agent

= 3.3.00
πŸ“¦
Bmc

Patrol Agent

= 3.3.00
πŸ“¦
Bmc

Patrol Agent

= 3.4.00
πŸ“¦
Bmc

Patrol Agent

= 3.4.00
πŸ“¦
Bmc

Patrol Agent

= 3.4.00
πŸ“¦
Bmc

Patrol Agent

= 3.4.11
πŸ“¦
Bmc

Patrol Agent

= 3.4.11
πŸ“¦
Bmc

Patrol Agent

= 3.4.11

References & Advisories

πŸ”— http://secunia.com/advisories/33049
πŸ”— http://www.securityfocus.com/archive/1/499013/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/32692
πŸ”— http://www.securitytracker.com/id?1021361
πŸ”— http://www.vupen.com/english/advisories/2008/3379
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-08-082/
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/47175
πŸ”— http://secunia.com/advisories/33049

Related Vulnerabilities

CVE-1999-080110.0

BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.

CVE-2011-097510.0

Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for ...

CVE-2019-83529.8

By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the...

CVE-2019-170437.8

An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an...