Bmc · Performance Assurance For Virtual Servers · CVE-2011-0975
**Name of the Vulnerable Software and Affected Versions**
BMC PATROL Agent Service Daemon for Performance Analysis for Servers versions 7.4.00 through 7.5.10
Performance Assurance for Servers versions 7.4.00 through 7.5.10
Performance Assurance for Virtual Servers versions 7.4.00 through 7.5.10
Performance Analyzer and Performance Predictor for Servers versions 7.4.00 through 7.5.10
Capacity Management Essentials version 1.2.00 (7.4.15)
**Description**
The issue allows remote attackers to execute arbitrary code via a crafted length value in a BGS MULTIPLE READS command to TCP port 6768. This is a result of a stack-based buffer overflow.
**Recommendations**
For BMC PATROL Agent Service Daemon for Performance Analysis for Servers versions 7.4.00 through 7.5.10, update to a version outside of this range.
For Performance Assurance for Servers versions 7.4.00 through 7.5.10, update to a version outside of this range.
For Performance Assurance for Virtual Servers versions 7.4.00 through 7.5.10, update to a version outside of this range.
For Performance Analyzer and Performance Predictor for Servers versions 7.4.00 through 7.5.10, update to a version outside of this range.
For Capacity Management Essentials version 1.2.00 (7.4.15), update to a version outside of this range.
As a temporary workaround, consider restricting access to TCP port 6768 to minimize the risk of exploitation.