You are here

T-556: BMC PATROL Agent Service Daemon stack-based buffer overflow

February 14, 2011 - 7:07am

Addthis

PROBLEM:

BMC PATROL Agent Service Daemon stack-based buffer overflow

PLATFORM:

BMC Performance Affected software versions:
BMC Performance Analysis for Servers 7.4.00 - 7.5.10
BMC Performance Analyzer for Servers 7.4.00 - 7.5.10
BMC Performance Assurance for Servers 7.4.00 - 7.5.10
BMC Performance Assurance for Virtual Servers 7.4.00 - 7.5.10

ABSTRACT:

Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capacity Management Essentials 1.2.00 (7.4.15) allows remote attackers to execute arbitrary code via a crafted length value in a BGS_MULTIPLE_READS command to TCP port 6768.

reference  LINKS:

Secunia References - CVE-2004-0975
MITRE References - CVE-2011-0975
Security Database - CVE-2011-0975

IMPACT ASSESSMENT:

High

Discussion:

Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capacity Management Essentials 1.2.00 (7.4.15) allows remote attackers to execute arbitrary code via a crafted length value in a BGS_MULTIPLE_READS command to TCP port 6768.

Solution:

Apply the patch for this vulnerability (QM001683974), available from the BMC Web site. See References

BMC Updates
 

Addthis