BSA: October 2016: Vulnerabilities in MagniComp's SysInfo utility used in BSA

Version 11
    Share:|

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    BladeLogic Server Automation Suite


    COMPONENT:

    BladeLogic Agent and NSH


    APPLIES TO:

    BMC BladeLogic Server Automation Agents (all versions) running on Linux/Unix Platforms.



    QUESTION:

    Problem

      

    A security vulnerability involving a third party component used by the UNIX version of the BMC BladeLogic Server Automation (BSA) RSCD agent has been identified. This vulnerability exists in the SysInfo component (from MagniComp), which is ships with the RSCD agent and is used to display hardware-related information.

    This vulnerability was subsequently assigned id CVE-2017-6516 

      

    The vulnerability is a local privilege escalation flaw that requires the attacker to have an authenticated session, as well as execution access to the SysInfo binary.

      

    BMC strongly recommends that customers take corrective action as soon as possible, either by using the supplied Component Template based fix to patch existing RSCD agents, or by upgrading to a version of the RSCD with the fix for the minor release stream you are using (8.6.01.002, 8.7.00.004 or 8.8.00.001).

      

    BMC believes the score to be 6.8 (which NVD considers a medium severity). This is reflected in the following scoring vector: (AV:L/AC:L/Au:S/C:C/I:C/A:C). A successful exploit requires local access to a machine that has the SysInfo executable installed. Although the access complexity is low, it requires the attacker to be authenticated and have execution rights for the SysInfo executable in order to be able to escalate his or her privileges to root. A successful exploit compromises confidentiality, integrity, and availability of the local machine.
     

      

    Impact

      

    This issue applies to UNIX RSCD agents for all versions of BMC Server Automation up to and including version 8.7 Patch 3.

      

    The issue will be addressed in BMC Server Automation 8.6 Patch 2, version 8.7 Patch 4, version 8.8 Patch 1, and in version 8.9.

      

    In this specific case, the agents will be backwards compatible with the previous release (For example, the version 8.7 Patch 4 will work with the version 8.7 Patch 3 Application Server).


    ANSWER:

     

    Mitigation

      

    The following file permission changes should mitigate the vulnerability:

      
       
    1. Remove the suid bit from the Magnicomp Sysinfo binary.
    2.  
    3. Remove the execute bit for group and owner for the Magnicomp Sysinfo binary.
    4.  
    5. Ensure the owner is root.
    The Magnicomp Sysinfo is typically located here on a BSA Unix RSCD Agent: 

    <RSCD_INSTALL_DIR>/nativetool/bin/sysinfo e.g.  /opt/bmc/bladelogic/NSH/nativetool/bin/sysinfo 


    Note:  If the only local user mapped-to is root or if you do map to non-root accounts but they don't need to run sysinfo (eg, to gather inventory snapshot data), then you can remove the execute permission from the binary as mentioned above.   
    If you need to run the Sysinfo binary while mapping to non-root users via BSA then the mitigation will disallow that so one of the below solutions must be used.  

    Solution

      

    To correct the issue, do one of the following:

      
       
    • Download and apply fix (via a BMC Server Automation Compliance Template) to all existing affected agents, as well as any new agents of impacted versions you deploy in the future. The Component Template solution to this issue for BSA versions 8.3 and higher can be downloaded from the following location. See attached Word document for step-by-step instructions. ftp location: ftp://ftp.bmc.com/pub/MagniComp/BSA_Magnicomp_Hotfix.zip
       
       
    • Upgrade the agents to version 8.6 Patch 2, version 8.7 Patch 4, version 8.8 Patch 1, or version 8.9, all of which contain the fix.
      


      

     


    Article Number:

    000122617


    Article Type:

    FAQ/Procedural



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles