BMC Performance Manager SNMP Command Execution Vulnerability

ID ZDI-07-020
Type zdi
Reporter Anonymous
Modified 2007-11-09T00:00:00


These vulnerabilities allows attackers to execute arbitrary code on vulnerable installations of BMC Performance Manager. User interaction is not required to exploit this vulnerability.

The specific flaw exists in the PatrolAgent.exe listening on TCP port 3181. The service allows remote attackers to modify configuration files without authentication. This can be exploited by an attacker by modifying parameters in SNMP communities definitions. By modifying the masterAgentName and masterAgentStartLine parameters, an attacker can execute arbitrary code.