Privilege Escalation via Insecure Configuration in BMC Patrol

CVE-2016-9638 · HIGH Severity

CVSS v2 vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

In BMC Patrol before 9.13.10.02, the binary "listguests64" has the setuid bit set. When executed, it locates a binary named "virsh" by searching the PATH environment variable, which the invoking user controls, and then runs "virsh" with root privileges. This allows local users to elevate their privileges to root.
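The usual mitigation for this class of flaw, shown as an added example (not BMC code, and not taken from the vendor fix): a privileged program launches its helper by absolute path with a fixed environment, so the caller's PATH is never consulted. The names run_helper and SAFE_ENV, the /usr/bin/virsh location and the "list --all" arguments are assumptions.

```c
/* Added example: hardened helper launch for a setuid program.
 * run_helper() and SAFE_ENV are hypothetical names, not BMC code. */
#include <errno.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment for the child; nothing is inherited from the caller. */
static char *const SAFE_ENV[] = { "PATH=/usr/bin:/bin", NULL };

/* Run `path` with `argv`; return its exit status, or -1 on refusal/failure.
 * The page does not say how listguests64 invokes virsh; execvp("virsh", ...)
 * and system("virsh ...") are the common calls that search the caller's PATH,
 * and both are what this function replaces. */
int run_helper(const char *path, char *const argv[])
{
    /* Refuse anything that is not an absolute path: no PATH search at all. */
    if (path == NULL || path[0] != '/')
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* execve() takes the path literally and passes only SAFE_ENV. */
        execve(path, argv, SAFE_ENV);
        _exit(127);                      /* exec failed */
    }

    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Assumed install location and arguments; adjust to the packaged path. */
    char *const argv[] = { "virsh", "list", "--all", NULL };
    int rc = run_helper("/usr/bin/virsh", argv);
    return rc < 0 ? 1 : rc;
}
```

Passing a fixed PATH to the child also keeps any further lookups performed by the helper itself out of user-writable directories.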
