CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-17044

HIGH
7.8
CVSS Severity Score
EPSS Score0.0020%
EPSS Percentile35.68th
Published2019年10月14日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate his/her privileges to the ones of the "root" user by specially crafting a shared library .so file that will be loaded during execution.

Affected Platforms (CPE)

📦
Bmc

Patrol Agent

= 9.0.10i

References & Advisories

🔗 https://docs.bmc.com/docs/PATROLAgent/11302/notification-of-action-required-by-patrol-agent-users-to-apply-the-security-patch-898411558.html
🔗 https://github.com/blogresponder/BMC-Patrol-Agent-local-root-privilege-escalation
🔗 https://twitter.com/whira_wr
🔗 https://docs.bmc.com/docs/PATROLAgent/11302/notification-of-action-required-by-patrol-agent-users-to-apply-the-security-patch-898411558.html
🔗 https://github.com/blogresponder/BMC-Patrol-Agent-local-root-privilege-escalation
🔗 https://twitter.com/whira_wr

相關漏洞威脅

CVE-2011-097510.0

Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for ...

CVE-2008-598210.0

Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string ...

CVE-1999-080110.0

BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.

CVE-2019-83529.8

By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the...