Published: 14/10/2019 Updated: 18/10/2019

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

An issue exists in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an malicious user to elevate his/her privileges to the ones of the "patrol" user by specially crafting a shared library .so file that will be loaded during execution.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bmc patrol agent 9.0.10i

Two Proof-Of-Concepts of SUID binary vulnerabilities on BMC Patrol allowing to elevate privileges from any linux user to root.

BMC Patrol agent privilege escalation These are Proof-Of-Concepts of two "setuid" vulnerabilities related to the BMC Patrol Agent software that allow to elevate privileges from an arbitrary linux user to root CVE-2019-17043 : privilege escalation through "setuid" file allowing to elevate privileges from any linux user to "patrol" user CVE-2019-17

CWE-276 https://twitter.com/whira_wr https://github.com/blogresponder/BMC-Patrol-Agent-local-root-privilege-escalation https://nvd.nist.gov https://github.com/blogresponder/BMC-Patrol-Agent-local-root-privilege-escalation

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-17043

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect