User enumeration vulnerability in BMC Server Automation (BSA) Unix/Linux RSCD Agent
BMC Identifier: BMC-2015-0010
CVE Identifier: CVE-2016-1542
------------------------------
By BMC Application Security, MAR 2016
------------------------------
Vulnerability summary
------------------------------
A security vulnerability has been identified in BMC Server Automation (BSA)
RSCD Agent on the Linux/Unix platforms.
The vulnerability allows unauthorized remote user enumeration on a
target server by using the Remote Procedure Call (RPC) API of the
RSCD Agent. Windows agents are not affected.
------------------------------
CVSS v2.0 Base Metrics
------------------------------
Reference: CVE-2016-1542
Base Vector: CVSS v2 Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Base Score: 5.0
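
The following Python example is added here and is not part of BMC's advisory. It parses the base vector above and recomputes the base score with the CVSS v2.0 base equations and metric weights; the function names are this example's own.

```python
import re

# Metric weights defined by the CVSS v2.0 specification.
WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},    # Access Vector
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},     # Access Complexity
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},    # Authentication
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},     # Confidentiality impact
    "I": {"N": 0.0, "P": 0.275, "C": 0.660},     # Integrity impact
    "A": {"N": 0.0, "P": 0.275, "C": 0.660},     # Availability impact
}
# Matches a complete v2 base vector, even when wrapped in other text.
VECTOR_RE = re.compile(r"AV:[LAN]/AC:[HML]/Au:[MSN]/C:[NPC]/I:[NPC]/A:[NPC]")


def parse_vector(text):
    """Return {metric: weight} for the first CVSS v2 base vector in text."""
    match = VECTOR_RE.search(text)
    if match is None:
        raise ValueError("no complete CVSS v2 base vector in %r" % text)
    pairs = (part.split(":") for part in match.group(0).split("/"))
    return {metric: WEIGHTS[metric][value] for metric, value in pairs}


def subscores(text):
    """Return (impact, exploitability) subscores, unrounded."""
    w = parse_vector(text)
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    return impact, exploitability


def base_score(text):
    """Return the CVSS v2 base score, rounded to one decimal."""
    impact, exploitability = subscores(text)
    f_impact = 0.0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)


if __name__ == "__main__":
    advisory_line = "CVSS v2 Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)"
    imp, expl = subscores(advisory_line)
    print("impact=%.2f exploitability=%.2f base=%.1f"
          % (imp, expl, base_score(advisory_line)))
```

The low impact subscore comes from the partial confidentiality loss alone, while the exploitability subscore is near its maximum because the vector is network-reachable, low-complexity and unauthenticated.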
------------------------------
Affected versions
------------------------------
The flaw has been confirmed to exist in the following versions of BSA on
Unix and Linux platforms: 8.2.x, 8.3.x, 8.5.x, 8.6.x and 8.7.x.
------------------------------
Resolution
------------------------------
A hotfix as well as a workaround are available at
https://selfservice.bmc.com/
------------------------------
Credits
------------------------------
Credit for discovery of this vulnerability:
ERNW GmbH, https://www.ernw.de
------------------------------
Reference
------------------------------
CVE-2016-1542
Information about BMC's corporate procedure for external vulnerability
disclosures is at http://www.bmc.com/security