PROBLEM:
BMC PATROL Agent Service Daemon stack-based buffer overflow
PLATFORM:
BMC Performance Affected software versions:
BMC Performance Analysis for Servers 7.4.00 - 7.5.10
BMC Performance Analyzer for Servers 7.4.00 - 7.5.10
BMC Performance Assurance for Servers 7.4.00 - 7.5.10
BMC Performance Assurance for Virtual Servers 7.4.00 - 7.5.10
ABSTRACT:
Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capacity Management Essentials 1.2.00 (7.4.15) allows remote attackers to execute arbitrary code via a crafted length value in a BGS_MULTIPLE_READS command to TCP port 6768.
reference LINKS:
Secunia References - CVE-2004-0975
MITRE References - CVE-2011-0975
Security Database - CVE-2011-0975
IMPACT ASSESSMENT:
High
Discussion:
Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capacity Management Essentials 1.2.00 (7.4.15) allows remote attackers to execute arbitrary code via a crafted length value in a BGS_MULTIPLE_READS command to TCP port 6768.
Solution:
Apply the patch for this vulnerability (QM001683974), available from the BMC Web site. See References