COMMAND

    Patrol

SYSTEMS AFFECTED

    Patrol agent until release 3.25 on all operating systems

PROBLEM

    Frederic Costa  found following.   The PATROL  management software
    from BMC SOFTWARE has 3 following bugs.

    1) Session password encryption weakness:
    ========================================
    The Patrol session password is  protected in a way which  does not
    prevent from replay  attacks.  It  is possible for  an attacker to
    capture (wire tapping, network sniffing...) an encrypted  password
    and to provide  it to the  BMC API to  connect to the  agent.  The
    attacker  can  then  get  a  shell  with  the  agent  without  the
    administrator to know it.

    2) Patrol frames sealing:
    =========================
    The algorithm used in Patrol  for sealing the frames exchanged  is
    fairly weak  (enhanced checksum).  It is  thus quite  easy for  an
    attacker to build a spoofing system which sends faked frames to an
    agent.

    3) Service deny on UDP port:
    ============================
    The UDP ports  accept connexion requests  and are thus  exposed to
    ping-pong from another UDP port (e.g. chargen).

SOLUTION

    BMC SOFTWARE is working on it.