Search criteria
21 vulnerabilities found for performance_co-pilot by sgi
FKIE_CVE-2023-6917
Vulnerability from fkie_nvd - Published: 2024-02-28 15:15 - Updated: 2025-04-01 15:34
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:2213 | Third Party Advisory | |
| secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-6917 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2254983 | Third Party Advisory, Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:2213 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-6917 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2254983 | Third Party Advisory, Issue Tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sgi | performance_co-pilot | * | |
| redhat | enterprise_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECAFCE0C-BF3F-46DA-BFC9-D5E7BAA2F24C",
"versionEndExcluding": "6.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en el paquete Performance Co-Pilot (PCP), derivada de los niveles de privilegios mixtos utilizados por los servicios systemd asociados con PCP. Si bien ciertos servicios operan dentro de los l\u00edmites de privilegios limitados de usuario/grupo de PCP, a otros se les otorgan privilegios completos de ra\u00edz. Esta disparidad en los niveles de privilegios plantea un riesgo cuando los procesos ra\u00edz privilegiados interact\u00faan con directorios o \u00e1rboles de directorios propiedad de usuarios PCP sin privilegios. Espec\u00edficamente, esta vulnerabilidad puede comprometer el aislamiento del usuario de PCP y facilitar ataques locales de PCP a ra\u00edz, particularmente a trav\u00e9s de ataques de enlace simb\u00f3lico. Estas vulnerabilidades subrayan la importancia de mantener mecanismos s\u00f3lidos de separaci\u00f3n de privilegios dentro de PCP para mitigar la posibilidad de una escalada de privilegios no autorizada."
}
],
"id": "CVE-2023-6917",
"lastModified": "2025-04-01T15:34:51.040",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-28T15:15:07.867",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2213"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6917"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2213"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6917"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-378"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
}
]
}
FKIE_CVE-2012-5530
Vulnerability from fkie_nvd - Published: 2012-11-29 13:14 - Updated: 2025-04-11 00:51
Severity ?
Summary
The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sgi | performance_co-pilot | * | |
| sgi | performance_co-pilot | 2.1.1 | |
| sgi | performance_co-pilot | 2.1.2 | |
| sgi | performance_co-pilot | 2.1.3 | |
| sgi | performance_co-pilot | 2.1.4 | |
| sgi | performance_co-pilot | 2.1.5 | |
| sgi | performance_co-pilot | 2.1.6 | |
| sgi | performance_co-pilot | 2.1.7 | |
| sgi | performance_co-pilot | 2.1.8 | |
| sgi | performance_co-pilot | 2.1.9 | |
| sgi | performance_co-pilot | 2.1.10 | |
| sgi | performance_co-pilot | 2.1.11 | |
| sgi | performance_co-pilot | 2.2 | |
| sgi | performance_co-pilot | 3.6.4 | |
| sgi | performance_co-pilot | 3.6.5 | |
| sgi | performance_co-pilot | 3.6.6 | |
| sgi | performance_co-pilot | 3.6.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87866665-A4AF-4949-8A66-88D72138A399",
"versionEndIncluding": "3.6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81FC987D-ACD6-4495-87FE-5C3547CE22B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DECE1AE3-0247-4170-A02F-03D33A6DD33B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E5A424-E298-4967-8174-CB6035126750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DCFD1859-A3F0-4A1C-B593-B9FBFDF165D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5E5B48-F324-49DB-BD42-B8F9B9C3EA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D6FF9F-006D-45C9-B0A1-A2E450A75590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8F4743-9016-453B-81E7-F3BEC6979FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "817F8589-040B-4216-95A2-FE70000B1CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B93DB7-2220-4CF6-B2F3-BB953023EE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9A53D4-333E-4DD1-A99D-AC35C808A138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9F08C5F0-6EF7-4539-9CED-D3F3E81EEA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "551F7EA0-7323-4D0C-8DE2-EE08689DAFDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:3.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D78784E8-98A9-47FD-8A4A-3719F22BD5C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:3.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8C001C-4D92-47CD-8A59-4AE6E92A1FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:3.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A29BC9-A25B-48F0-91FD-9D9C90DC06FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:3.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "40A44594-5C41-46D2-B736-18E45B661B68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file."
},
{
"lang": "es",
"value": "Las secuencias de comandos (1) pcmd y (2) pmlogger en Performance Co-Pilot (PCP) v3.6.10, permite a usuarios locales sobrescribir archivos de su elecci\u00f3n a trav\u00e9s de un ataque de enlace simb\u00f3lico en un archivo temporal /var/tmp/#####"
}
],
"id": "CVE-2012-5530",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-11-29T13:14:37.663",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/56656"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=782967"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=875842"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=782967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=875842"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-3420
Vulnerability from fkie_nvd - Published: 2012-08-27 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sgi | performance_co-pilot | * | |
| sgi | performance_co-pilot | 2.1.1 | |
| sgi | performance_co-pilot | 2.1.2 | |
| sgi | performance_co-pilot | 2.1.3 | |
| sgi | performance_co-pilot | 2.1.4 | |
| sgi | performance_co-pilot | 2.1.5 | |
| sgi | performance_co-pilot | 2.1.6 | |
| sgi | performance_co-pilot | 2.1.7 | |
| sgi | performance_co-pilot | 2.1.8 | |
| sgi | performance_co-pilot | 2.1.9 | |
| sgi | performance_co-pilot | 2.1.10 | |
| sgi | performance_co-pilot | 2.1.11 | |
| sgi | performance_co-pilot | 2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61D11953-C33A-47B0-B47E-10FD9ACA7A8B",
"versionEndIncluding": "3.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81FC987D-ACD6-4495-87FE-5C3547CE22B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DECE1AE3-0247-4170-A02F-03D33A6DD33B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E5A424-E298-4967-8174-CB6035126750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DCFD1859-A3F0-4A1C-B593-B9FBFDF165D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5E5B48-F324-49DB-BD42-B8F9B9C3EA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D6FF9F-006D-45C9-B0A1-A2E450A75590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8F4743-9016-453B-81E7-F3BEC6979FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "817F8589-040B-4216-95A2-FE70000B1CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B93DB7-2220-4CF6-B2F3-BB953023EE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9A53D4-333E-4DD1-A99D-AC35C808A138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9F08C5F0-6EF7-4539-9CED-D3F3E81EEA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "551F7EA0-7323-4D0C-8DE2-EE08689DAFDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c."
},
{
"lang": "es",
"value": "M\u00faltiples p\u00e9rdidas de memoria en Performance Co-Pilot (PCP) anterior a v3.6.5 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria o un accidente demonio) a trav\u00e9s de un gran n\u00famero de PDUs con (1) un n\u00famero de contexto dise\u00f1ado al funci\u00f3n en DoFetch pmcd / src / dofetch.c o (2) un valor de tipo negativo para la funci\u00f3n pmGetPDU __ en libpcp / src / pdu.c."
}
],
"id": "CVE-2012-3420",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-27T23:55:02.227",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"source": "secalert@redhat.com",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"source": "secalert@redhat.com",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
},
{
"source": "secalert@redhat.com",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=a7dc844d3586ea79887655a97c4252a79751fdae"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
},
{
"source": "secalert@redhat.com",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"source": "secalert@redhat.com",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"source": "secalert@redhat.com",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=a7dc844d3586ea79887655a97c4252a79751fdae"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/15540172"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-3419
Vulnerability from fkie_nvd - Published: 2012-08-27 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sgi | performance_co-pilot | * | |
| sgi | performance_co-pilot | 2.1.1 | |
| sgi | performance_co-pilot | 2.1.2 | |
| sgi | performance_co-pilot | 2.1.3 | |
| sgi | performance_co-pilot | 2.1.4 | |
| sgi | performance_co-pilot | 2.1.5 | |
| sgi | performance_co-pilot | 2.1.6 | |
| sgi | performance_co-pilot | 2.1.7 | |
| sgi | performance_co-pilot | 2.1.8 | |
| sgi | performance_co-pilot | 2.1.9 | |
| sgi | performance_co-pilot | 2.1.10 | |
| sgi | performance_co-pilot | 2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61D11953-C33A-47B0-B47E-10FD9ACA7A8B",
"versionEndIncluding": "3.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81FC987D-ACD6-4495-87FE-5C3547CE22B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DECE1AE3-0247-4170-A02F-03D33A6DD33B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E5A424-E298-4967-8174-CB6035126750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DCFD1859-A3F0-4A1C-B593-B9FBFDF165D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5E5B48-F324-49DB-BD42-B8F9B9C3EA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D6FF9F-006D-45C9-B0A1-A2E450A75590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8F4743-9016-453B-81E7-F3BEC6979FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "817F8589-040B-4216-95A2-FE70000B1CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B93DB7-2220-4CF6-B2F3-BB953023EE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9A53D4-333E-4DD1-A99D-AC35C808A138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "551F7EA0-7323-4D0C-8DE2-EE08689DAFDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments."
},
{
"lang": "es",
"value": "Performance Co-Pilot (PCP) anterior a v3.6.5 realiza exportaciones de algunos de los sistema de archivos /proc, que permite a los atacantes obtener informaci\u00f3n confidencial, como proc / pid / maps y los argumentos de l\u00ednea de comandos."
}
],
"id": "CVE-2012-3419",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-27T23:55:02.147",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"source": "secalert@redhat.com",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
},
{
"source": "secalert@redhat.com",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"source": "secalert@redhat.com",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"source": "secalert@redhat.com",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/15540172"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-3421
Vulnerability from fkie_nvd - Published: 2012-08-27 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sgi | performance_co-pilot | * | |
| sgi | performance_co-pilot | 2.1.1 | |
| sgi | performance_co-pilot | 2.1.2 | |
| sgi | performance_co-pilot | 2.1.3 | |
| sgi | performance_co-pilot | 2.1.4 | |
| sgi | performance_co-pilot | 2.1.5 | |
| sgi | performance_co-pilot | 2.1.6 | |
| sgi | performance_co-pilot | 2.1.7 | |
| sgi | performance_co-pilot | 2.1.8 | |
| sgi | performance_co-pilot | 2.1.9 | |
| sgi | performance_co-pilot | 2.1.10 | |
| sgi | performance_co-pilot | 2.1.11 | |
| sgi | performance_co-pilot | 2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61D11953-C33A-47B0-B47E-10FD9ACA7A8B",
"versionEndIncluding": "3.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81FC987D-ACD6-4495-87FE-5C3547CE22B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DECE1AE3-0247-4170-A02F-03D33A6DD33B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E5A424-E298-4967-8174-CB6035126750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DCFD1859-A3F0-4A1C-B593-B9FBFDF165D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5E5B48-F324-49DB-BD42-B8F9B9C3EA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D6FF9F-006D-45C9-B0A1-A2E450A75590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8F4743-9016-453B-81E7-F3BEC6979FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "817F8589-040B-4216-95A2-FE70000B1CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B93DB7-2220-4CF6-B2F3-BB953023EE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9A53D4-333E-4DD1-A99D-AC35C808A138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9F08C5F0-6EF7-4539-9CED-D3F3E81EEA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "551F7EA0-7323-4D0C-8DE2-EE08689DAFDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an \"event-driven programming flaw.\""
},
{
"lang": "es",
"value": "La funci\u00f3n pduread en pdu.c en libpcp en Performance Co-Pilot (PCP) anterior a v3.6.5 no realiza el tiempo de espera de conexiones, permitiendo a atacantes remotos provocar una denegaci\u00f3n de servicio (pmcd bloquea) mediante el env\u00edo de bytes individuales de una PDU por separado , en relaci\u00f3n a un \"defecto de programaci\u00f3n orientada a eventos.\""
}
],
"id": "CVE-2012-3421",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-27T23:55:02.290",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"source": "secalert@redhat.com",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"source": "secalert@redhat.com",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=9ba85dca940de976176ce196fd5e3c4170936354"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
},
{
"source": "secalert@redhat.com",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"source": "secalert@redhat.com",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"source": "secalert@redhat.com",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=9ba85dca940de976176ce196fd5e3c4170936354"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/15540172"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-3418
Vulnerability from fkie_nvd - Published: 2012-08-27 23:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sgi | performance_co-pilot | * | |
| sgi | performance_co-pilot | 2.1.1 | |
| sgi | performance_co-pilot | 2.1.2 | |
| sgi | performance_co-pilot | 2.1.3 | |
| sgi | performance_co-pilot | 2.1.4 | |
| sgi | performance_co-pilot | 2.1.5 | |
| sgi | performance_co-pilot | 2.1.6 | |
| sgi | performance_co-pilot | 2.1.7 | |
| sgi | performance_co-pilot | 2.1.8 | |
| sgi | performance_co-pilot | 2.1.9 | |
| sgi | performance_co-pilot | 2.1.10 | |
| sgi | performance_co-pilot | 2.1.11 | |
| sgi | performance_co-pilot | 2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61D11953-C33A-47B0-B47E-10FD9ACA7A8B",
"versionEndIncluding": "3.6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81FC987D-ACD6-4495-87FE-5C3547CE22B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DECE1AE3-0247-4170-A02F-03D33A6DD33B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E5A424-E298-4967-8174-CB6035126750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DCFD1859-A3F0-4A1C-B593-B9FBFDF165D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5E5B48-F324-49DB-BD42-B8F9B9C3EA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D6FF9F-006D-45C9-B0A1-A2E450A75590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8F4743-9016-453B-81E7-F3BEC6979FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "817F8589-040B-4216-95A2-FE70000B1CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B93DB7-2220-4CF6-B2F3-BB953023EE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9A53D4-333E-4DD1-A99D-AC35C808A138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9F08C5F0-6EF7-4539-9CED-D3F3E81EEA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "551F7EA0-7323-4D0C-8DE2-EE08689DAFDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads."
},
{
"lang": "es",
"value": "libpcp en Performance Co-Pilot (PCP) anterior a v3.6.5 permite a atacantes remotos provocar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) una PDU con el valor del campo numcreds mayor que el n\u00famero de elementos reales de la funci\u00f3n __ pmDecodeCreds en p_creds.c, (2) el byte de valor de cadena n\u00famero a la funci\u00f3n pmDecodeNameList __ en p_pmns.c, (3) el valor numids a la funci\u00f3n pmDecodeIDList __ en p_pmns.c; (4) vectores no especificados a la funci\u00f3n pmDecodeProfile __ en p_profile.c; el (5) estado de valor o n\u00famero (6) valor num\u00e9rico cadena a la funci\u00f3n __ pmDecodeNameList en p_pmns.c, (7) de entrada determinado en la funci\u00f3n __ pmDecodeResult en p_result.c, (8) el campo longitud del nombre (namelen) a la DecodeNameReq en funci\u00f3n p_pmns.c; (9) una solicitud PDU_FETCH dise\u00f1ados a la funci\u00f3n pmDecodeFetch __ en p_fetch.c; (10) el campo namelen en la funci\u00f3n __ pmDecodeInstanceReq en p_instance.c; (11) el campo buflen a la funci\u00f3n pmDecodeText __ en p_text. c; (12) PDU_INSTANCE paquetes a la __ pmDecodeInstance en p_instance.c; o los campos (13) c_numpmid o (14) v_numval a la funci\u00f3n pmDecodeLogControl __ en p_lcontrol.c, que desencadena desbordamientos de enteros, basado en heap desbordamientos de b\u00fafer, y / o tamp\u00f3n sobre-lee."
}
],
"id": "CVE-2012-3418",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-27T23:55:02.040",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"source": "secalert@redhat.com",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"source": "secalert@redhat.com",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=b441980d53be1835b25f0cd6bcc0062da82032dd"
},
{
"source": "secalert@redhat.com",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
},
{
"source": "secalert@redhat.com",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=e4faa1f0ba29151340920d975fc7639adf8371d5"
},
{
"source": "secalert@redhat.com",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
},
{
"source": "secalert@redhat.com",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=49c679c44425915a8d6aa4af5f90b35384843c12"
},
{
"source": "secalert@redhat.com",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
},
{
"source": "secalert@redhat.com",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
},
{
"source": "secalert@redhat.com",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
},
{
"source": "secalert@redhat.com",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=cced6012b4b93bfb640a9678589ced5416743910"
},
{
"source": "secalert@redhat.com",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
},
{
"source": "secalert@redhat.com",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"source": "secalert@redhat.com",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"source": "secalert@redhat.com",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=b441980d53be1835b25f0cd6bcc0062da82032dd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=e4faa1f0ba29151340920d975fc7639adf8371d5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=49c679c44425915a8d6aa4af5f90b35384843c12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=cced6012b4b93bfb640a9678589ced5416743910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://hermes.opensuse.org/messages/15540172"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2001-0823
Vulnerability from fkie_nvd - Published: 2001-12-06 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sgi | performance_co-pilot | 2.1.1 | |
| sgi | performance_co-pilot | 2.1.2 | |
| sgi | performance_co-pilot | 2.1.3 | |
| sgi | performance_co-pilot | 2.1.4 | |
| sgi | performance_co-pilot | 2.1.5 | |
| sgi | performance_co-pilot | 2.1.6 | |
| sgi | performance_co-pilot | 2.1.7 | |
| sgi | performance_co-pilot | 2.1.8 | |
| sgi | performance_co-pilot | 2.1.9 | |
| sgi | performance_co-pilot | 2.1.10 | |
| sgi | performance_co-pilot | 2.1.11 | |
| sgi | performance_co-pilot | 2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81FC987D-ACD6-4495-87FE-5C3547CE22B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DECE1AE3-0247-4170-A02F-03D33A6DD33B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E5A424-E298-4967-8174-CB6035126750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DCFD1859-A3F0-4A1C-B593-B9FBFDF165D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5B5E5B48-F324-49DB-BD42-B8F9B9C3EA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D6FF9F-006D-45C9-B0A1-A2E450A75590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1C8F4743-9016-453B-81E7-F3BEC6979FE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "817F8589-040B-4216-95A2-FE70000B1CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B93DB7-2220-4CF6-B2F3-BB953023EE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9A53D4-333E-4DD1-A99D-AC35C808A138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9F08C5F0-6EF7-4539-9CED-D3F3E81EEA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sgi:performance_co-pilot:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "551F7EA0-7323-4D0C-8DE2-EE08689DAFDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR)."
}
],
"id": "CVE-2001-0823",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-12-06T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/2887"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/2887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-6917 (GCVE-0-2023-6917)
Vulnerability from cvelistv5 – Published: 2024-02-28 14:38 – Updated: 2025-11-20 18:07
VLAI?
Summary
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.
Severity ?
6 (Medium)
CWE
- CWE-378 - Creation of Temporary File With Insecure Permissions
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:6.2.0-1.el9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:2213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2213"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6917"
},
{
"name": "RHBZ#2254983",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-28T20:00:24.999365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T20:41:24.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:6.2.0-1.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
}
],
"datePublic": "2024-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-378",
"description": "Creation of Temporary File With Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T18:07:05.664Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:2213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2213"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6917"
},
{
"name": "RHBZ#2254983",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-14T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-02-15T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Pcp: unsafe use of directories allows pcp to root privilege escalation",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "(CWE-61|CWE-378): UNIX Symbolic Link (Symlink) Following or Creation of Temporary File With Insecure Permissions"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6917",
"datePublished": "2024-02-28T14:38:19.258Z",
"dateReserved": "2023-12-18T11:14:14.230Z",
"dateUpdated": "2025-11-20T18:07:05.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2012-5530 (GCVE-0-2012-5530)
Vulnerability from cvelistv5 – Published: 2012-11-29 11:00 – Updated: 2024-08-06 21:05
VLAI?
Summary
The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56656",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56656"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=875842"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=782967"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-07T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "56656",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56656"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=875842"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=782967"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5530",
"datePublished": "2012-11-29T11:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:05:47.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3420 (GCVE-0-2012-3420)
Vulnerability from cvelistv5 – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=a7dc844d3586ea79887655a97c4252a79751fdae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=a7dc844d3586ea79887655a97c4252a79751fdae"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841319",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841704",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
},
{
"name": "FEDORA-2012-12024",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841298",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
},
{
"name": "SUSE-SU-2013:0190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=a7dc844d3586ea79887655a97c4252a79751fdae",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=a7dc844d3586ea79887655a97c4252a79751fdae"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3420",
"datePublished": "2012-08-27T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3418 (GCVE-0-2012-3418)
Vulnerability from cvelistv5 – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=49c679c44425915a8d6aa4af5f90b35384843c12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=e4faa1f0ba29151340920d975fc7639adf8371d5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=b441980d53be1835b25f0cd6bcc0062da82032dd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=cced6012b4b93bfb640a9678589ced5416743910"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=49c679c44425915a8d6aa4af5f90b35384843c12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=e4faa1f0ba29151340920d975fc7639adf8371d5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=b441980d53be1835b25f0cd6bcc0062da82032dd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=cced6012b4b93bfb640a9678589ced5416743910"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841249",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=49c679c44425915a8d6aa4af5f90b35384843c12",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=49c679c44425915a8d6aa4af5f90b35384843c12"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841183",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=840822",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
},
{
"name": "openSUSE-SU-2012:1079",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841698",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841284",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
},
{
"name": "openSUSE-SU-2012:1081",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=e4faa1f0ba29151340920d975fc7639adf8371d5",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=e4faa1f0ba29151340920d975fc7639adf8371d5"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=b441980d53be1835b25f0cd6bcc0062da82032dd",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=b441980d53be1835b25f0cd6bcc0062da82032dd"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=840920",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=babd6c5c527f87ec838c13a1b4eba612af6ea27c",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
},
{
"name": "FEDORA-2012-12076",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841112",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=f190942b552aa80d59bbe718866aa00b8e3fd5cc",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
},
{
"name": "openSUSE-SU-2012:1036",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=f0eaefe046b1061797f45b0c20bb2ac371b504a5",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841126",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841159",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=7eb479b91ef12bf89a15b078af2107c8c4746a4a",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=9f4e392c97ce42744ec73f82268ce6c815fdca0e",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841240",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841180",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
},
{
"name": "SUSE-SU-2013:0190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=cced6012b4b93bfb640a9678589ced5416743910",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=cced6012b4b93bfb640a9678589ced5416743910"
},
{
"name": "DSA-2533",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3418",
"datePublished": "2012-08-27T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3419 (GCVE-0-2012-3419)
Vulnerability from cvelistv5 – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "SUSE-SU-2013:0190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841702",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
},
{
"name": "DSA-2533",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2533"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3419",
"datePublished": "2012-08-27T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3421 (GCVE-0-2012-3421)
Vulnerability from cvelistv5 – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=9ba85dca940de976176ce196fd5e3c4170936354"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an \"event-driven programming flaw.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=9ba85dca940de976176ce196fd5e3c4170936354"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an \"event-driven programming flaw.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=9ba85dca940de976176ce196fd5e3c4170936354",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=9ba85dca940de976176ce196fd5e3c4170936354"
},
{
"name": "FEDORA-2012-12076",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841706",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
},
{
"name": "SUSE-SU-2013:0190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2533"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3421",
"datePublished": "2012-08-27T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0823 (GCVE-0-2001-0823)
Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:37
VLAI?
Summary
The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:06.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010618 pmpost - another nice symlink follower",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
},
{
"name": "20010619 Re: pmpost - another nice symlink follower",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
},
{
"name": "2887",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2887"
},
{
"name": "irix-pcp-pmpost-symlink(6724)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
},
{
"name": "20010601-01-A",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2001-11-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010618 pmpost - another nice symlink follower",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
},
{
"name": "20010619 Re: pmpost - another nice symlink follower",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
},
{
"name": "2887",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2887"
},
{
"name": "irix-pcp-pmpost-symlink(6724)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
},
{
"name": "20010601-01-A",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010618 pmpost - another nice symlink follower",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
},
{
"name": "20010619 Re: pmpost - another nice symlink follower",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
},
{
"name": "2887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2887"
},
{
"name": "irix-pcp-pmpost-symlink(6724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
},
{
"name": "20010601-01-A",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0823",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-11-22T00:00:00",
"dateUpdated": "2024-08-08T04:37:06.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6917 (GCVE-0-2023-6917)
Vulnerability from nvd – Published: 2024-02-28 14:38 – Updated: 2025-11-20 18:07
VLAI?
Summary
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.
Severity ?
6 (Medium)
CWE
- CWE-378 - Creation of Temporary File With Insecure Permissions
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:6.2.0-1.el9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:2213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2213"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6917"
},
{
"name": "RHBZ#2254983",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-28T20:00:24.999365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T20:41:24.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:6.2.0-1.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
}
],
"datePublic": "2024-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-378",
"description": "Creation of Temporary File With Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T18:07:05.664Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:2213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2213"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6917"
},
{
"name": "RHBZ#2254983",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-14T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-02-15T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Pcp: unsafe use of directories allows pcp to root privilege escalation",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "(CWE-61|CWE-378): UNIX Symbolic Link (Symlink) Following or Creation of Temporary File With Insecure Permissions"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6917",
"datePublished": "2024-02-28T14:38:19.258Z",
"dateReserved": "2023-12-18T11:14:14.230Z",
"dateUpdated": "2025-11-20T18:07:05.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2012-5530 (GCVE-0-2012-5530)
Vulnerability from nvd – Published: 2012-11-29 11:00 – Updated: 2024-08-06 21:05
VLAI?
Summary
The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56656",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56656"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=875842"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=782967"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-07T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "56656",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56656"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=875842"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=782967"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5530",
"datePublished": "2012-11-29T11:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:05:47.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3420 (GCVE-0-2012-3420)
Vulnerability from nvd – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=a7dc844d3586ea79887655a97c4252a79751fdae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=a7dc844d3586ea79887655a97c4252a79751fdae"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841319",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841704",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
},
{
"name": "FEDORA-2012-12024",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841298",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
},
{
"name": "SUSE-SU-2013:0190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=a7dc844d3586ea79887655a97c4252a79751fdae",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=a7dc844d3586ea79887655a97c4252a79751fdae"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3420",
"datePublished": "2012-08-27T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3418 (GCVE-0-2012-3418)
Vulnerability from nvd – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=49c679c44425915a8d6aa4af5f90b35384843c12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=e4faa1f0ba29151340920d975fc7639adf8371d5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=b441980d53be1835b25f0cd6bcc0062da82032dd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=cced6012b4b93bfb640a9678589ced5416743910"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=49c679c44425915a8d6aa4af5f90b35384843c12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=e4faa1f0ba29151340920d975fc7639adf8371d5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=b441980d53be1835b25f0cd6bcc0062da82032dd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=cced6012b4b93bfb640a9678589ced5416743910"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841249",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=49c679c44425915a8d6aa4af5f90b35384843c12",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=49c679c44425915a8d6aa4af5f90b35384843c12"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841183",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=840822",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
},
{
"name": "openSUSE-SU-2012:1079",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841698",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841284",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
},
{
"name": "openSUSE-SU-2012:1081",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=e4faa1f0ba29151340920d975fc7639adf8371d5",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=e4faa1f0ba29151340920d975fc7639adf8371d5"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=b441980d53be1835b25f0cd6bcc0062da82032dd",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=b441980d53be1835b25f0cd6bcc0062da82032dd"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=840920",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=babd6c5c527f87ec838c13a1b4eba612af6ea27c",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
},
{
"name": "FEDORA-2012-12076",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841112",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=f190942b552aa80d59bbe718866aa00b8e3fd5cc",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
},
{
"name": "openSUSE-SU-2012:1036",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=f0eaefe046b1061797f45b0c20bb2ac371b504a5",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841126",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841159",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=7eb479b91ef12bf89a15b078af2107c8c4746a4a",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=9f4e392c97ce42744ec73f82268ce6c815fdca0e",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841240",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841180",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
},
{
"name": "SUSE-SU-2013:0190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=cced6012b4b93bfb640a9678589ced5416743910",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=cced6012b4b93bfb640a9678589ced5416743910"
},
{
"name": "DSA-2533",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3418",
"datePublished": "2012-08-27T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3419 (GCVE-0-2012-3419)
Vulnerability from nvd – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "SUSE-SU-2013:0190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841702",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
},
{
"name": "DSA-2533",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2533"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3419",
"datePublished": "2012-08-27T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3421 (GCVE-0-2012-3421)
Vulnerability from nvd – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=9ba85dca940de976176ce196fd5e3c4170936354"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an \"event-driven programming flaw.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=9ba85dca940de976176ce196fd5e3c4170936354"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an \"event-driven programming flaw.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=9ba85dca940de976176ce196fd5e3c4170936354",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=9ba85dca940de976176ce196fd5e3c4170936354"
},
{
"name": "FEDORA-2012-12076",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841706",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
},
{
"name": "SUSE-SU-2013:0190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2533"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3421",
"datePublished": "2012-08-27T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0823 (GCVE-0-2001-0823)
Vulnerability from nvd – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:37
VLAI?
Summary
The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:06.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010618 pmpost - another nice symlink follower",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
},
{
"name": "20010619 Re: pmpost - another nice symlink follower",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
},
{
"name": "2887",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2887"
},
{
"name": "irix-pcp-pmpost-symlink(6724)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
},
{
"name": "20010601-01-A",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2001-11-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010618 pmpost - another nice symlink follower",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
},
{
"name": "20010619 Re: pmpost - another nice symlink follower",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
},
{
"name": "2887",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2887"
},
{
"name": "irix-pcp-pmpost-symlink(6724)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
},
{
"name": "20010601-01-A",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010618 pmpost - another nice symlink follower",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
},
{
"name": "20010619 Re: pmpost - another nice symlink follower",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
},
{
"name": "2887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2887"
},
{
"name": "irix-pcp-pmpost-symlink(6724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
},
{
"name": "20010601-01-A",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0823",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-11-22T00:00:00",
"dateUpdated": "2024-08-08T04:37:06.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}