Vulnerability Details : CVE-2016-9638
In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. The "listguests64" program will then run "virsh" using root privileges. This allows local users to elevate their privileges to root.
Products affected by CVE-2016-9638
- cpe:2.3:a:bmc:patrol:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9638
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-9638
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2016-9638
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9638
-
http://www.securitytracker.com/id/1037385
BMC Patrol 'listguests64' Utility setuid Settings Lets Local Users Obtain Root Privileges - SecurityTracker
-
http://www.nes.fr/securitylab/index.php/2016/12/02/privilege-escalation-on-bmc-patrol
Page not found - NESExploit;Patch;Third Party Advisory
-
http://www.securityfocus.com/bid/95009
BMC Patrol CVE-2016-9638 Local Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
Jump to