Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5982

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-5982
Last Modified 07 Mar 2011 10:15:31
Published 27 Jan 2009 05:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5982

Summary

Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message.

Vulnerable Systems

Application

  • Bmc Patrol Agent 3.2

  • Bmc Patrol Agent 3.2.3

  • Bmc Patrol Agent 3.2.5

  • Bmc Patrol Agent 3.2.7

  • Bmc Patrol Agent 3.3.00

  • Bmc Patrol Agent 3.4.00

  • Bmc Patrol Agent 3.4.11

  • Bmc Patrol Agent 3.7


References

XF - patrolagent-logging-format-string(47175)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-08-082/

VUPEN - ADV-2008-3379

SECTRACK - 1021361

BID - 32692

BUGTRAQ - 20081208 ZDI-08-082: BMC PatrolAgent Version Logging Format String Vulnerability

SECUNIA - 33049


Last Updated: 27 May 2016 10:49:01