This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.
BladeLogic Server Automation Suite
BladeLogic Agent and NSH
BMC BladeLogic Server Automation Agents (all versions) running on Linux/Unix Platforms.
A security vulnerability involving a third party component used by the UNIX version of the BMC BladeLogic Server Automation (BSA) RSCD agent has been identified. This vulnerability exists in the SysInfo component (from MagniComp), which is ships with the RSCD agent and is used to display hardware-related information.
This vulnerability was subsequently assigned id CVE-2017-6516
The vulnerability is a local privilege escalation flaw that requires the attacker to have an authenticated session, as well as execution access to the SysInfo binary.
BMC strongly recommends that customers take corrective action as soon as possible, either by using the supplied Component Template based fix to patch existing RSCD agents, or by upgrading to a version of the RSCD with the fix for the minor release stream you are using (8.6.01.002, 8.7.00.004 or 8.8.00.001).
BMC believes the score to be 6.8 (which NVD considers a medium severity). This is reflected in the following scoring vector: (AV:L/AC:L/Au:S/C:C/I:C/A:C). A successful exploit requires local access to a machine that has the SysInfo executable installed. Although the access complexity is low, it requires the attacker to be authenticated and have execution rights for the SysInfo executable in order to be able to escalate his or her privileges to root. A successful exploit compromises confidentiality, integrity, and availability of the local machine.
This issue applies to UNIX RSCD agents for all versions of BMC Server Automation up to and including version 8.7 Patch 3.
The issue will be addressed in BMC Server Automation 8.6 Patch 2, version 8.7 Patch 4, version 8.8 Patch 1, and in version 8.9.
In this specific case, the agents will be backwards compatible with the previous release (For example, the version 8.7 Patch 4 will work with the version 8.7 Patch 3 Application Server).
The following file permission changes should mitigate the vulnerability:
- Remove the suid bit from the Magnicomp Sysinfo binary.
- Remove the execute bit for group and owner for the Magnicomp Sysinfo binary.
- Ensure the owner is root.
<RSCD_INSTALL_DIR>/nativetool/bin/sysinfo e.g. /opt/bmc/bladelogic/NSH/nativetool/bin/sysinfo
Note: If the only local user mapped-to is root or if you do map to non-root accounts but they don't need to run sysinfo (eg, to gather inventory snapshot data), then you can remove the execute permission from the binary as mentioned above.
If you need to run the Sysinfo binary while mapping to non-root users via BSA then the mitigation will disallow that so one of the below solutions must be used.
To correct the issue, do one of the following:
- Download and apply fix (via a BMC Server Automation Compliance Template) to all existing affected agents, as well as any new agents of impacted versions you deploy in the future. The Component Template solution to this issue for BSA versions 8.3 and higher can be downloaded from the following location. See attached Word document for step-by-step instructions. ftp location: ftp://ftp.bmc.com/pub/MagniComp/BSA_Magnicomp_Hotfix.zip
- Upgrade the agents to version 8.6 Patch 2, version 8.7 Patch 4, version 8.8 Patch 1, or version 8.9, all of which contain the fix.