Current Description

BMC PATROL SNMP Agent before 3.2.07 allows local users to create arbitrary world-writeable files as root by specifying the target file as the second argument to the snmpmagt program.

Basic Data

PublishedJuly 13, 1999
Last ModifiedOctober 18, 2016
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.2
Exploitability Score3.9
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.


  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationBmcPatrol Agent3.2*******
    2.3ApplicationBmcPatrol Agent3.2.3*******
    2.3ApplicationBmcPatrol Agent3.2.5*******
    2.3ApplicationBmcPatrol Agent********3.2.7

Vulnerable Software List

Bmc Patrol Agent *, 3.2, 3.2.3, 3.2.5


19990713 Root Perms Gained with Patrol SNMP Agent 3.2 (all others?)
19990801 Re: Root Perms Gained with Patrol SNMP Agent 3.2 (all others?)
525 PATCH Vendor Advisory