PT-2017-12920 · Bmc · Bmc Patrol

Published

2017-08-23

Updated

2019-10-03

CVE-2017-13130

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions BMC Patrol (affected versions not specified)

Description The issue allows local users to gain privileges through a crafted libmcmclnx.so file in the current working directory. This is possible because the affected software is setuid root and the RPATH variable begins with the .: substring, which enables the loading of libraries from the current directory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2017-13130

Affected Products

Bmc Patrol

PT-2017-12920 · Bmc · Bmc Patrol

CVE-2017-13130

Weakness Enumeration

Related Identifiers

Affected Products

References · 2