> BMC has provided the following statement: "[This issue] has been > found not to be a security vulnerability; when properly configured > (as described for our customers in our documentation and in our > online knowledge base) this attack is not possible."
Anybody with some experience on BMC Patrol products know that security levels 1 to 4 are rarely used, because of the configuration and management overhead. Furthermore, level 0 (the default one) isn't imho the only security level impacted by this vulnerability (which is an anonymous r/w access to the SNMP configuration, including full paths to binaries), given that level 1 use anonymous SSL and that level 2 use SSL with unverified client certificate. Levels 1 and 2 will just help an attacker to bypass your NIDS. Interested people can have a look to the "Patrol Security User Guide" (http://www.bmc.com/supportu/documents/73/44/17344/17344.pdf) for additional details. Conclusion : pconfig/xpconfig/wpconfig or any similar custom script can be used to hack any default install of Patrol BMC but it "has been found not to be a security vulnerability". How sad :-( -- Rashbi -- Click to find local singles for dating, romance and fun http://tagline.hushmail.com/fc/CAaCXv1Va9LKiVtoaSprUASsXo9Otqwh/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
