Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: patrol-1.htm

BMC PATROL 3.2.3 - symlink attack



Vulnerability

    BMC Patrol

Affected

    Systems running BMC PATROL 3.2.3 and earlier

Description

    Following is based  on ISS Security  Advisory.  Internet  Security
    Systems  (ISS)  X-Force  has  discovered  a  vulnerability  in BMC
    Software  PATROL(r)  Patrol  network  management software.  PATROL
    contains  a  vulnerability  that  may  allow  local  attackers  to
    compromise  root  access.   The  agent  creates insecure temporary
    files that may lead to a symbolic link attack.

    PATROL  Agent   is  installed   setuid  root   with  world-execute
    permissions.  When PATROL Agent is executed, it creates  temporary
    files on the system.  These files are opened and written to in  an
    insecure manner.   This allows  local users  to create  a symbolic
    link to a privileged  file.  This link  is then followed upon  the
    initialization  of   PATROL  Agent.    Attackers   may  use   this
    vulnerability to overwrite any file  or create a new file  that is
    owned by root.  Attackers  commonly use this method to  indirectly
    compromise root access.

Solution

    BMC Software has been notified of this vulnerability on August 20,
    1998.   Contact  BMC  Software  at  http://www.bmc.com to obtain a
    patch when it  is made available.Until  a patch is  available, ISS
    suggests  administrators   restrict  access   to  PATROL    Agent.
    Administrators  are  encouraged  to  create a system administrator
    group  and  to  only  allow  Administrators  execute permission on
    PATROL  Agent.    This  temporary   fix  may   help  contain   the
    vulnerability until a patch is made available.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH