CVE-2008-5982

EUVD-2008-5952
Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
bmcpatrol_agent
𝑥
≤ 3.7
bmcpatrol_agent
3.2
bmcpatrol_agent
3.2.3
bmcpatrol_agent
3.2.5
bmcpatrol_agent
3.2.7
bmcpatrol_agent
3.3.00
bmcpatrol_agent
3.3.00
bmcpatrol_agent
3.3.00
bmcpatrol_agent
3.4.00
bmcpatrol_agent
3.4.00
bmcpatrol_agent
3.4.00
bmcpatrol_agent
3.4.11
bmcpatrol_agent
3.4.11
bmcpatrol_agent
3.4.11
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/33049
http://www.securityfocus.com/archive/1/499013/100/0/threaded
http://www.securityfocus.com/bid/32692
http://www.securitytracker.com/id?1021361
http://www.vupen.com/english/advisories/2008/3379
http://www.zerodayinitiative.com/advisories/ZDI-08-082/
https://exchange.xforce.ibmcloud.com/vulnerabilities/47175
http://secunia.com/advisories/33049
http://www.securityfocus.com/archive/1/499013/100/0/threaded
http://www.securityfocus.com/bid/32692
http://www.securitytracker.com/id?1021361
http://www.vupen.com/english/advisories/2008/3379
http://www.zerodayinitiative.com/advisories/ZDI-08-082/
https://exchange.xforce.ibmcloud.com/vulnerabilities/47175