10
CVE-2008-5982
- EPSS 7.82%
- Veröffentlicht 27.01.2009 22:30:00
- Zuletzt bearbeitet 16.06.2026 23:01:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginFormat string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bmc ≫ Patrol Agent Version <= 3.7
Bmc ≫ Patrol Agent Version3.2
Bmc ≫ Patrol Agent Version3.2.3
Bmc ≫ Patrol Agent Version3.2.5
Bmc ≫ Patrol Agent Version3.2.7
Bmc ≫ Patrol Agent Version3.3.00
Bmc ≫ Patrol Agent Version3.3.00 Editionnt
Bmc ≫ Patrol Agent Version3.3.00 Editionunix
Bmc ≫ Patrol Agent Version3.4.00
Bmc ≫ Patrol Agent Version3.4.00 Editionnt
Bmc ≫ Patrol Agent Version3.4.00 Editionunix
Bmc ≫ Patrol Agent Version3.4.11
Bmc ≫ Patrol Agent Version3.4.11 Editionnt
Bmc ≫ Patrol Agent Version3.4.11 Editionunix
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 7.82% | 0.939 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
CWE-134 Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
http://secunia.com/advisories/33049
http://www.securityfocus.com/archive/1/499013/100/0/threaded
http://www.securityfocus.com/bid/32692
http://www.securitytracker.com/id?1021361
http://www.vupen.com/english/advisories/2008/3379
http://www.zerodayinitiative.com/advisories/ZDI-08-082/
https://exchange.xforce.ibmcloud.com/vulnerabilities/47175