Unix/Linux RSCD Agent
BMC Identifier: BMC-2015-0011
CVE Identifier: CVE-2016-1543
------------------------------
By BMC Application Security, MAR 2016
------------------------------
Vulnerability summary
------------------------------
A security vulnerability has been identified in BMC Server Automation (BSA)
RSCD Agent on the Linux/Unix platforms.
The vulnerability allows unauthorized remote password resets on a
target server by using the Remote Procedure Call (RPC) API of the
RSCD Agent. Windows agents are not affected.
------------------------------
CVSS v2.0 Base Metrics
------------------------------
Reference: CVE-2016-1543
Base Vector: CVSS v2 Vector (AV:N/AC:M/Au:N/C:C/I:P/A:C)
Base Score: 9.0
------------------------------
Affected versions
------------------------------
The flaw has been confirmed to exist in the following versions of BSA on
Unix and Linux platforms: 8.2.x, 8.3.x, 8.5.x, 8.6.x and 8.7.x.
------------------------------
Resolution
------------------------------
A hotfix as well as a workaround are available at
https://selfservice.bmc.com/
------------------------------
Credits
------------------------------
Credit for discovery of this vulnerability:
ERNW GmbH https://www.ernw.de
------------------------------
Reference
------------------------------
CVE-2016-1543
Information about BMC's corporate procedure for external vulnerability
disclosures is at http://www.bmc.com/security