TUCoPS :: Unix :: General
:: patrol-1.htm
BMC PATROL 3.2.3 - symlink attack
Vulnerability
BMC Patrol
Affected
Systems running BMC PATROL 3.2.3 and earlier
Description
Following is based on ISS Security Advisory. Internet Security
Systems (ISS) X-Force has discovered a vulnerability in BMC
Software PATROL(r) Patrol network management software. PATROL
contains a vulnerability that may allow local attackers to
compromise root access. The agent creates insecure temporary
files that may lead to a symbolic link attack.
PATROL Agent is installed setuid root with world-execute
permissions. When PATROL Agent is executed, it creates temporary
files on the system. These files are opened and written to in an
insecure manner. This allows local users to create a symbolic
link to a privileged file. This link is then followed upon the
initialization of PATROL Agent. Attackers may use this
vulnerability to overwrite any file or create a new file that is
owned by root. Attackers commonly use this method to indirectly
compromise root access.
Solution
BMC Software has been notified of this vulnerability on August 20,
1998. Contact BMC Software at http://www.bmc.com to obtain a
patch when it is made available.Until a patch is available, ISS
suggests administrators restrict access to PATROL Agent.
Administrators are encouraged to create a system administrator
group and to only allow Administrators execute permission on
PATROL Agent. This temporary fix may help contain the
vulnerability until a patch is made available.