Vulnerability Description
An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate his/her privileges to the ones of the "root" user by specially crafting a shared library .so file that will be loaded during execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bmc | Patrol Agent | 9.0.10i |
| Linux | Linux Kernel | - |
Related Weaknesses (CWE)
References
- https://docs.bmc.com/docs/PATROLAgent/11302/notification-of-action-required-by-pPatchVendor Advisory
- https://github.com/blogresponder/BMC-Patrol-Agent-local-root-privilege-escalatioThird Party Advisory
- https://twitter.com/whira_wrThird Party Advisory
- https://docs.bmc.com/docs/PATROLAgent/11302/notification-of-action-required-by-pPatchVendor Advisory
- https://github.com/blogresponder/BMC-Patrol-Agent-local-root-privilege-escalatioThird Party Advisory
- https://twitter.com/whira_wrThird Party Advisory
FAQ
What is CVE-2019-17044?
CVE-2019-17044 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate his/her privileges to the one...
How severe is CVE-2019-17044?
CVE-2019-17044 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-17044?
Check the references section above for vendor advisories and patch information. Affected products include: Bmc Patrol Agent, Linux Linux Kernel.