------------------------------------------------------------------------
User enumeration vulnerability in BMC Server Automation (BSA) Unix/Linux
RSCD Agent 

BMC Identifier: BMC-2015-0010
CVE Identifier: CVE-2016-1542
------------------------------------------------------------------------
By BMC Application Security, MAR 2016
 
------------------------------------------------------------------------
Vulnerability summary
------------------------------------------------------------------------
A security vulnerability has been identified in BMC Server Automation (BSA) 
RSCD Agent on the Linux/Unix platforms.
The vulnerability allows unauthorized remote user enumeration on a 
target server by using the Remote Procedure Call (RPC) API of the 
RSCD Agent. Windows agents are not affected.

------------------------------------------------------------------------
CVSS v2.0 Base Metrics
------------------------------------------------------------------------
Reference:  
CVE-2016-1542

Base Vector:          
CVSS v2 Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)  

Base Score:
5.0

------------------------------------------------------------------------
Affected versions
------------------------------------------------------------------------
The flaw has been confirmed to exist in the following versions of BSA on
Unix and Linux platforms: 8.2.x, 8.3.x, 8.5.x, 8.6.x and 8.7.x. 

------------------------------------------------------------------------
Resolution
------------------------------------------------------------------------
A hotfix as well as a workaround are available at
 
https://selfservice.bmc.com/casemgmt/sc_KnowledgeArticle?sfdcid=kA214000000dBpnCAE&type=Solution 

------------------------------------------------------------------------
Credits
------------------------------------------------------------------------
Credit for discovery of this vulnerability: 
ERNW Gmbh https://www.ernw.de

------------------------------------------------------------------------
Reference
------------------------------------------------------------------------
CVE-2016-1542
 
Information about BMC's corporate procedure for external vulnerability 
disclosures is at http://www.bmc.com/security


-----BEGIN PGP MESSAGE-----
Version: GnuPG v2

owGtVl1oHFUU3tg2P6PTSCsRJdVbK20CyexPmyYuhDi7De3WJqY7yQbsT7g7c2f3
JjNzlzt3srs+qBEVpAaF9KG1rRQq+CBt1DwE2iqlfYgkFIwPTX/EnwcfVFChFQ0i
eu9uNu3mxZe5DNy/c+855zvfOXfek9cF6ms+qfti9u6ffx2vWfglHUgtD460+9Rk
achFFCDHsxGFDBMHjHuWw8dpbGFWBNgBsb440BAd53Kqx4hdFmuJaWorGHJwIXgA
O15BlpJafA9QM8hhQJZkSRxLGHyGTYxoVFzTHgmFO9pDoXBIluKp3qptPhfbu9vD
HbsisuSfg7FiyQM1l7OwXrZdQ7pHuXdtoE9NAqFVloCfOlNVGLqebUNa9FOBCtwV
H9bEKwtdkEbIAbiCrfF/MayKHF9lWQRKIQ2K6IKcBZlJqO0qsjTIt6r1QcsieRd4
DvRYllD8MtdHkU0YAt5aZvEPcm0M0gxi3IGSOekiF8ROpqQ2WT45QImODI8iEOf3
g5bkQLwVqAMJQMyS2IMWK2AYO4awAYop7/gxhzAATRPpDBmKIKN/yMdTmgbGI0oI
xKCLQB9iFOuunxqSyEQUOTqKNpTS5MG04HQWWlPcM0KjDaKtmrSyClrUVLQ/qMaj
B4Kqx0fx6EAwIVai/a0Nq1doOqEoKksdSshfgNQV3AGPrsvD7is2goCmBfP3ea4T
x8TU5voYAaiAXSb4LlhiEsFNQa2KJYI/nPKciLzuCW5DxyhT/T7Lo6BLiSiFNt7t
LHcd5W63UpbvUjqVggL8BS2JXGJ5Ikv8rRJZwkzhpwvyiGcS7yHIEzoGKfG4LyJX
4DjEFkxbfMRKZTDLWM6NBoMuskyRpFhHStrWFZ3YQZ1Tx87YLOjqIy84JG8hI4NU
yrBuoR7XNHRsdI+pkfCuUKkZsZwTV3u3s2IOdWsrHvoMXZwiAzNfWVa+khOIAgO7
OuH8KZZrD3ar61+UO9Ob7B8Ge+10FlSQy+fzCqJOXjGQ3zQxrzSXi4O/Na2qyHCf
Eo5IhnLZhmniMfGC7HB5ttEc4eUcgdxqjRYwoQLjDkNrzesgSwI/i7hczgUcPMhK
IK1gVGFV5S2TpbdrmtcHauoDtRseEr85Aanh0cq/T9dLdf++cphcSrzJzp0Zm5xI
s6mzs0/WHazds3FdXLu2fzrW2TpyZ8utnfvu3B6b27Jj88XDZzctpvtPhqdS3jOP
oKWnPzjxeduMlavdr+ZOF6f2usd7uhonj0z92uJcurl4caG9OXRqYunhzOjM9YFF
+d559Y8Pr279/cqNT5/bMPHz819rP177qGfbhSPfzk7L67889lgx+dqFf64+fnf+
2SU6417//oeYpo/ONi6MPhG+d3rw/e7GM3NH5wNNTbcuP3Vq6Kv5heHf+t6QzXNH
xzdCuHXz3L5voHzys3cT59+aWT6UapuObO+9venvVyePHbz8ztxis/Zi04mb3x26
0bmta3no9frmn6yGwsfSfw==
=0QUC
-----END PGP MESSAGE-----