Format String Vulnerability in BMC PATROL Agent by BMC Software
CVE-2008-5982

Currently unrated

Key Information:

Vendor

Bmc

Status
Patrol Agent
Vendor
CVE Published:
27 January 2009

What is CVE-2008-5982?

The BMC PATROL Agent prior to version 3.7.30 is susceptible to a format string vulnerability that allows remote attackers to execute arbitrary code. This vulnerability arises from improper handling of format string specifiers in an invalid version number sent to TCP port 3181. As a result, malicious entities can manipulate log messages, potentially compromising the integrity and availability of the system.

References

http://www.securitytracker.com/id?1021361
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/32692
vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2008/3379
vdb-entryx_refsource_VUPEN

EPSS Score

14% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.