Remote Exploit of BMC Patrol: CVE-2011-0975

BMC Patrol is marketed as system management software that will “Proactively detect and automatically resolve IT performance issues and sub-optimal configurations before users and services are negatively impacted.”

Speaking of sub-optimal configurations, the vulnerability database at NIST just popped up an urgent alert that says BMC Patrol actually might be your next source of negative impact:

Stack-based buffer overflow in BMC PATROL Agent Service Daemon in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor for Servers 7.4.00 through 7.5.10; and Capacity Management Essentials 1.2.00 (7.4.15) allows remote attackers to execute arbitrary code via a crafted length value in a BGS_MULTIPLE_READS command to TCP port 6768.

They give it a CVSS v2 Base Score of 10.0 (the highest rating).

Sometimes this means the vendor is not supplying sufficient information, but in this case it looks like port 6768 is just a short step away from complete control of a system.

Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
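To show the defect class behind that NVD description, here is an added illustration in C. It is not BMC's code and the two-byte length prefix is a hypothetical wire layout, not the real PATROL format: a handler that trusts a length field taken from the message, beside the bounded version that checks it against both the stack buffer and the bytes actually received.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout (constructed for this example, NOT BMC's format):
 * 2-byte big-endian declared payload length, then the payload bytes. */
#define MAX_READ 64

static size_t declared_length(const uint8_t *msg) {
    return ((size_t)msg[0] << 8) | msg[1];
}

/* Defect pattern of the kind described for CVE-2011-0975: the length
 * copied from the message is trusted, so a declared value larger than
 * MAX_READ overruns the fixed-size stack buffer. Shown for contrast only;
 * never feed it untrusted input. */
static int handle_reads_unchecked(const uint8_t *msg, size_t msg_len) {
    uint8_t buf[MAX_READ];
    if (msg_len < 2) return -1;
    size_t declared = declared_length(msg);
    memcpy(buf, msg + 2, declared);      /* no bound on 'declared' */
    return (int)buf[0] >= 0 ? (int)declared : -1;
}

/* Hardened version: reject the message unless the declared length fits
 * the buffer AND does not exceed the payload bytes that actually arrived. */
static int handle_reads_checked(const uint8_t *msg, size_t msg_len) {
    uint8_t buf[MAX_READ];
    if (msg_len < 2) return -1;
    size_t declared = declared_length(msg);
    if (declared > MAX_READ || declared > msg_len - 2) return -1;
    memcpy(buf, msg + 2, declared);
    return (int)buf[0] >= 0 ? (int)declared : -1;
}

int main(void) {
    /* Constructed sample messages: one well-formed, one with a crafted
     * length far beyond the buffer, one claiming more bytes than sent. */
    const uint8_t good[]  = {0x00, 0x03, 'a', 'b', 'c'};
    const uint8_t huge[]  = {0xFF, 0xFF, 'a'};
    const uint8_t short_[] = {0x00, 0x10, 'a', 'b'};
    printf("good: %d\n",  handle_reads_checked(good, sizeof good));    /* 3 */
    printf("huge: %d\n",  handle_reads_checked(huge, sizeof huge));    /* -1 */
    printf("short: %d\n", handle_reads_checked(short_, sizeof short_)); /* -1 */
    (void)handle_reads_unchecked;  /* intentionally not exercised */
    return 0;
}
```

The unchecked handler is only kept to make the missing comparison visible; the single added line in the checked version is the whole fix.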

Fourteen months passed between discovery and this patch/announcement. At least their announcement has been better reasoned than the last time I mentioned a BMC remote exploit.
