PT-2019-14921 · Bmc · Bmc Patrol Agent

Blogresponder

Publicado

2019-10-14

Atualizado

2019-10-18

CVE-2019-17043

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions BMC Patrol Agent version 9.0.10i

Description An issue was discovered that could allow an attacker to elevate privileges to those of the "patrol" user by specially crafting a shared library .so file that will be loaded during execution of the best1collect.exe SUID binary, due to weak execution permissions.

Recommendations For BMC Patrol Agent version 9.0.10i, consider restricting access to the best1collect.exe SUID binary to prevent exploitation until a fix is available. Additionally, monitor the system for any suspicious activity related to the loading of shared library .so files.

Correção

Incorrect Default Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-276

Identificadores relacionados

CVE-2019-17043

Produtos afetados

Bmc Patrol Agent

PT-2019-14921 · Bmc · Bmc Patrol Agent

CVE-2019-17043

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4