CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-17043

HIGH
7.8
CVSS Severity Score
EPSS Score0.0290%
EPSS Percentile5.18th
Published2019年10月14日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an attacker to elevate his/her privileges to the ones of the "patrol" user by specially crafting a shared library .so file that will be loaded during execution.

Affected Platforms (CPE)

📦
Bmc

Patrol Agent

= 9.0.10i

References & Advisories

🔗 https://github.com/blogresponder/BMC-Patrol-Agent-local-root-privilege-escalation
🔗 https://twitter.com/whira_wr
🔗 https://github.com/blogresponder/BMC-Patrol-Agent-local-root-privilege-escalation
🔗 https://twitter.com/whira_wr

関連する脆弱性情報

CVE-2011-097510.0

Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for ...

CVE-2008-598210.0

Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string ...

CVE-1999-080110.0

BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.

CVE-2019-83529.8

By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the...