|
BMC Patrol SNMP Agent File Creation/Permission Vulnerability
Patrol 3.2, installed out of the box, allows for a local root compromise or denial of service. The vulnerability lies in the creation of a file by snmpagnt that is owned by the owner of the parent directory of the file and possibly world writeable. A local user can specify any file (/.rhosts) and create it / set the permissions according to the user's umask. |
|
|
Privacy Statement |
