CVE-2008-5982

BMC PATROL Agent < 3.7.30 - Remote Code Execution via Format String in Version Number

Title source: llm

Description

Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message.

References (7)

Core 7

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1021361

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32692

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/3379

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/499013/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/47175

Third Party Advisory x_refsource_misc

http://www.zerodayinitiative.com/advisories/ZDI-08-082/

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33049

Scores

EPSS 0.0782

EPSS Percentile 93.9%

Details

CWE

CWE-134

Status published

Products (8)

bmc/patrol_agent 3.2

bmc/patrol_agent 3.2.3

bmc/patrol_agent 3.2.5

bmc/patrol_agent 3.2.7

bmc/patrol_agent 3.3.00 (3 CPE variants)

bmc/patrol_agent 3.4.00 (3 CPE variants)

bmc/patrol_agent 3.4.11 (3 CPE variants)

bmc/patrol_agent < 3.7

Published Jan 27, 2009

Tracked Since Feb 18, 2026