Vigil@nce - BMC Patrol for AIX: privilege escalation via bgscollect
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can create a malicious library, which is loaded
by bgscollect of BMC Patrol for AIX, in order to escalate his
privileges.
– Impacted products: PATROL
– Severity: 2/4
– Creation date: 14/04/2014
DESCRIPTION OF THE VULNERABILITY
The BMC Patrol for AIX product installs the bgscollect program to
collect information about the system. It is installed suid root.
However, it is compiled with an empty RPATH, so it accepts to load
libraries located in the current directory.
A local attacker can therefore create a malicious library, which
is loaded by bgscollect of BMC Patrol for AIX, in order to
escalate his privileges.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/BMC-Patrol-for-AIX-privilege-escalation-via-bgscollect-14589