CVE-2016-9638

{"id": "CVE-2016-9638", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2016-12-02T17:59:00.167", "references": [{"url": "http://www.nes.fr/securitylab/index.php/2016/12/02/privilege-escalation-on-bmc-patrol", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/95009", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1037385", "source": "cve@mitre.org"}, {"url": "http://www.nes.fr/securitylab/index.php/2016/12/02/privilege-escalation-on-bmc-patrol", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/95009", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1037385", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "In BMC Patrol before 9.13.10.02, the binary \"listguests64\" is configured with the setuid bit. However, when executing it, it will look for a binary named \"virsh\" using the PATH environment variable. The \"listguests64\" program will then run \"virsh\" using root privileges. This allows local users to elevate their privileges to root."}, {"lang": "es", "value": "En BMC Patrol en versiones anteriores a 9.13.10.02 el binario \"listguests64\" est\u00e1 configurado con el bit setuid. Sin embargo, cuando se ejecuta, buscar\u00e1 un binario llamado \"virsh\" usando la variable de entorno PATH. El programa \"listguests64\" ejecutar\u00e1 entonces \"virsh\" usando los privilegios de root. Esto permite a usuarios locales elevar sus privilegios a root."}], "lastModified": "2024-11-21T03:01:33.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bmc:patrol:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6D0ACBF-ABA0-43FE-AF92-30E418E98A1F", "versionEndIncluding": "9.13.10.01"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}