TITLE:
BMC PATROL Version Logging Format String Vulnerability

SECUNIA ADVISORY ID:
SA33049

VERIFY ADVISORY:
http://secunia.com/advisories/33049/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From local network

SOFTWARE:
BMC PATROL
http://secunia.com/advisories/product/13984/

DESCRIPTION:
A vulnerability has been reported in BMC PATROL, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a format string error when logging invalid versions. This can be exploited by sending a specially crafted packet to TCP port 3181.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in versions prior to 3.7.30.

SOLUTION:
Update PATROL Agent to version 3.7.30. Please contact the vendor for more information.

PROVIDED AND/OR DISCOVERED BY:
Discovered by an anonymous person and reported via ZDI.

ORIGINAL ADVISORY:
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-082/
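The flaw class named in the DESCRIPTION (untrusted version data reaching a logging call as its format string) and the safe way to log such a field, as an added example that is not code from Secunia, ZDI or BMC. The function name, the log message text and the 64-byte limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical helper (not BMC code): build the log line for a rejected
 * version field taken from a network packet. The bytes are untrusted and
 * not guaranteed to be NUL-terminated.
 *
 * The flaw class looks like this (kept in a comment so it is never built):
 *     snprintf(out, out_len, version);   // packet data used AS the format
 * Any conversion specifier in the packet is then interpreted by printf.
 */
int format_invalid_version(char *out, size_t out_len,
                           const unsigned char *field, size_t field_len)
{
    char clean[64]; /* assumed upper bound for a logged version string */
    size_t i;
    size_t n = field_len < sizeof(clean) - 1 ? field_len : sizeof(clean) - 1;

    for (i = 0; i < n && field[i] != '\0'; i++) {
        /* Replace non-printable bytes so the log line cannot be split. */
        clean[i] = (field[i] >= 0x20 && field[i] < 0x7f) ? (char)field[i] : '?';
    }
    clean[i] = '\0';

    /* Constant format string: packet data is only ever an argument. */
    return snprintf(out, out_len, "invalid version: \"%s\"", clean);
}

int main(void)
{
    /* Constructed sample input containing conversion specifiers. */
    const unsigned char sample[] = "3.7.%x%x%n\r\n";
    char line[128];

    format_invalid_version(line, sizeof(line), sample, sizeof(sample) - 1);
    puts(line);
    return 0;
}
```

Building with `-Wformat -Wformat-security` (GCC and Clang) flags calls where a non-literal string is passed as the format argument.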