Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for performance_co-pilot by sgi

    CVE-2023-6917 (GCVE-0-2023-6917)

    Vulnerability from nvd – Published: 2024-02-28 14:38 – Updated: 2026-02-25 18:20
    VLAI
    Title
    Pcp: unsafe use of directories allows pcp to root privilege escalation
    Summary
    A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:2213 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-6917 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2254983 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:6.2.0-1.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Date Public
    2024-02-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:42:08.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:2213",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2213"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6917"
              },
              {
                "name": "RHBZ#2254983",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6917",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-28T20:00:24.999365Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T20:41:24.811Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "pcp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.2.0-1.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "pcp",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "pcp",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "pcp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T18:20:20.221Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:2213",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2213"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6917"
            },
            {
              "name": "RHBZ#2254983",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-14T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-02-15T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Pcp: unsafe use of directories allows pcp to root privilege escalation",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6917",
        "datePublished": "2024-02-28T14:38:19.258Z",
        "dateReserved": "2023-12-18T11:14:14.230Z",
        "dateUpdated": "2026-02-25T18:20:20.221Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2012-5530 (GCVE-0-2012-5530)

    Vulnerability from nvd – Published: 2012-11-29 11:00 – Updated: 2024-08-06 21:05
    VLAI
    Summary
    The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-11-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:05:47.347Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "56656",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/56656"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=875842"
              },
              {
                "name": "SUSE-SU-2013:0190",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=782967"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-11-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-02-07T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "56656",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/56656"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=875842"
            },
            {
              "name": "SUSE-SU-2013:0190",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=782967"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5530",
        "datePublished": "2012-11-29T11:00:00.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:05:47.347Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3421 (GCVE-0-2012-3421)

    Vulnerability from nvd – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
    VLAI
    Summary
    The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:12.583Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
              },
              {
                "name": "openSUSE-SU-2012:1079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15540133"
              },
              {
                "name": "openSUSE-SU-2012:1081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15540172"
              },
              {
                "name": "[oss-security] 20120816 pcp: Multiple security flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=9ba85dca940de976176ce196fd5e3c4170936354"
              },
              {
                "name": "FEDORA-2012-12076",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
              },
              {
                "name": "openSUSE-SU-2012:1036",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15471040"
              },
              {
                "name": "FEDORA-2012-12024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
              },
              {
                "name": "SUSE-SU-2013:0190",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
              },
              {
                "name": "DSA-2533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2533"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an \"event-driven programming flaw.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-07T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
            },
            {
              "name": "openSUSE-SU-2012:1079",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15540133"
            },
            {
              "name": "openSUSE-SU-2012:1081",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15540172"
            },
            {
              "name": "[oss-security] 20120816 pcp: Multiple security flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=9ba85dca940de976176ce196fd5e3c4170936354"
            },
            {
              "name": "FEDORA-2012-12076",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
            },
            {
              "name": "openSUSE-SU-2012:1036",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15471040"
            },
            {
              "name": "FEDORA-2012-12024",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
            },
            {
              "name": "SUSE-SU-2013:0190",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
            },
            {
              "name": "DSA-2533",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2533"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-3421",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an \"event-driven programming flaw.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
                },
                {
                  "name": "openSUSE-SU-2012:1079",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15540133"
                },
                {
                  "name": "openSUSE-SU-2012:1081",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15540172"
                },
                {
                  "name": "[oss-security] 20120816 pcp: Multiple security flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=9ba85dca940de976176ce196fd5e3c4170936354",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=9ba85dca940de976176ce196fd5e3c4170936354"
                },
                {
                  "name": "FEDORA-2012-12076",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
                },
                {
                  "name": "openSUSE-SU-2012:1036",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15471040"
                },
                {
                  "name": "FEDORA-2012-12024",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841706",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
                },
                {
                  "name": "SUSE-SU-2013:0190",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
                },
                {
                  "name": "DSA-2533",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2012/dsa-2533"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3421",
        "datePublished": "2012-08-27T23:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:05:12.583Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3420 (GCVE-0-2012-3420)

    Vulnerability from nvd – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
    VLAI
    Summary
    Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:12.163Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
              },
              {
                "name": "openSUSE-SU-2012:1079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15540133"
              },
              {
                "name": "openSUSE-SU-2012:1081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15540172"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
              },
              {
                "name": "[oss-security] 20120816 pcp: Multiple security flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
              },
              {
                "name": "FEDORA-2012-12076",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
              },
              {
                "name": "openSUSE-SU-2012:1036",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15471040"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
              },
              {
                "name": "FEDORA-2012-12024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
              },
              {
                "name": "SUSE-SU-2013:0190",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
              },
              {
                "name": "DSA-2533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2533"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=a7dc844d3586ea79887655a97c4252a79751fdae"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-07T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
            },
            {
              "name": "openSUSE-SU-2012:1079",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15540133"
            },
            {
              "name": "openSUSE-SU-2012:1081",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15540172"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
            },
            {
              "name": "[oss-security] 20120816 pcp: Multiple security flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
            },
            {
              "name": "FEDORA-2012-12076",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
            },
            {
              "name": "openSUSE-SU-2012:1036",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15471040"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
            },
            {
              "name": "FEDORA-2012-12024",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
            },
            {
              "name": "SUSE-SU-2013:0190",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
            },
            {
              "name": "DSA-2533",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2533"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=a7dc844d3586ea79887655a97c4252a79751fdae"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-3420",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
                },
                {
                  "name": "openSUSE-SU-2012:1079",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15540133"
                },
                {
                  "name": "openSUSE-SU-2012:1081",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15540172"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841319",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
                },
                {
                  "name": "[oss-security] 20120816 pcp: Multiple security flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
                },
                {
                  "name": "FEDORA-2012-12076",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
                },
                {
                  "name": "openSUSE-SU-2012:1036",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15471040"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841704",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
                },
                {
                  "name": "FEDORA-2012-12024",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841298",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
                },
                {
                  "name": "SUSE-SU-2013:0190",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
                },
                {
                  "name": "DSA-2533",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2012/dsa-2533"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=a7dc844d3586ea79887655a97c4252a79751fdae",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=a7dc844d3586ea79887655a97c4252a79751fdae"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3420",
        "datePublished": "2012-08-27T23:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:05:12.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3419 (GCVE-0-2012-3419)

    Vulnerability from nvd – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
    VLAI
    Summary
    Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-08-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:12.091Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
              },
              {
                "name": "openSUSE-SU-2012:1079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15540133"
              },
              {
                "name": "openSUSE-SU-2012:1081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15540172"
              },
              {
                "name": "[oss-security] 20120816 pcp: Multiple security flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
              },
              {
                "name": "FEDORA-2012-12076",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
              },
              {
                "name": "openSUSE-SU-2012:1036",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15471040"
              },
              {
                "name": "FEDORA-2012-12024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
              },
              {
                "name": "SUSE-SU-2013:0190",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
              },
              {
                "name": "DSA-2533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2533"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-07T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
            },
            {
              "name": "openSUSE-SU-2012:1079",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15540133"
            },
            {
              "name": "openSUSE-SU-2012:1081",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15540172"
            },
            {
              "name": "[oss-security] 20120816 pcp: Multiple security flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
            },
            {
              "name": "FEDORA-2012-12076",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
            },
            {
              "name": "openSUSE-SU-2012:1036",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15471040"
            },
            {
              "name": "FEDORA-2012-12024",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
            },
            {
              "name": "SUSE-SU-2013:0190",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
            },
            {
              "name": "DSA-2533",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2533"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-3419",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
                },
                {
                  "name": "openSUSE-SU-2012:1079",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15540133"
                },
                {
                  "name": "openSUSE-SU-2012:1081",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15540172"
                },
                {
                  "name": "[oss-security] 20120816 pcp: Multiple security flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
                },
                {
                  "name": "FEDORA-2012-12076",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
                },
                {
                  "name": "openSUSE-SU-2012:1036",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15471040"
                },
                {
                  "name": "FEDORA-2012-12024",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
                },
                {
                  "name": "SUSE-SU-2013:0190",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841702",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
                },
                {
                  "name": "DSA-2533",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2012/dsa-2533"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3419",
        "datePublished": "2012-08-27T23:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:05:12.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3418 (GCVE-0-2012-3418)

    Vulnerability from nvd – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
    VLAI
    Summary
    libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.redhat.com/show_bug.cgi?id=841249 x_refsource_MISC
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=841183 x_refsource_MISC
    https://bugzilla.redhat.com/show_bug.cgi?id=840822 x_refsource_MISC
    https://hermes.opensuse.org/messages/15540133 vendor-advisoryx_refsource_SUSE
    https://bugzilla.redhat.com/show_bug.cgi?id=841698 x_refsource_MISC
    https://bugzilla.redhat.com/show_bug.cgi?id=841284 x_refsource_MISC
    https://hermes.opensuse.org/messages/15540172 vendor-advisoryx_refsource_SUSE
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=840920 x_refsource_MISC
    http://www.openwall.com/lists/oss-security/2012/08/16/1 mailing-listx_refsource_MLIST
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://bugzilla.redhat.com/show_bug.cgi?id=841112 x_refsource_MISC
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    https://hermes.opensuse.org/messages/15471040 vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=841126 x_refsource_MISC
    https://bugzilla.redhat.com/show_bug.cgi?id=841159 x_refsource_MISC
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=841240 x_refsource_MISC
    https://bugzilla.redhat.com/show_bug.cgi?id=841180 x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    http://www.debian.org/security/2012/dsa-2533 vendor-advisoryx_refsource_DEBIAN
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    Date Public
    2012-08-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:12.135Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=49c679c44425915a8d6aa4af5f90b35384843c12"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
              },
              {
                "name": "openSUSE-SU-2012:1079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15540133"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
              },
              {
                "name": "openSUSE-SU-2012:1081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15540172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=e4faa1f0ba29151340920d975fc7639adf8371d5"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=b441980d53be1835b25f0cd6bcc0062da82032dd"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
              },
              {
                "name": "[oss-security] 20120816 pcp: Multiple security flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
              },
              {
                "name": "FEDORA-2012-12076",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
              },
              {
                "name": "openSUSE-SU-2012:1036",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15471040"
              },
              {
                "name": "FEDORA-2012-12024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
              },
              {
                "name": "SUSE-SU-2013:0190",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=cced6012b4b93bfb640a9678589ced5416743910"
              },
              {
                "name": "DSA-2533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2533"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-07T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=49c679c44425915a8d6aa4af5f90b35384843c12"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
            },
            {
              "name": "openSUSE-SU-2012:1079",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15540133"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
            },
            {
              "name": "openSUSE-SU-2012:1081",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15540172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=e4faa1f0ba29151340920d975fc7639adf8371d5"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=b441980d53be1835b25f0cd6bcc0062da82032dd"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
            },
            {
              "name": "[oss-security] 20120816 pcp: Multiple security flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
            },
            {
              "name": "FEDORA-2012-12076",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
            },
            {
              "name": "openSUSE-SU-2012:1036",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15471040"
            },
            {
              "name": "FEDORA-2012-12024",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
            },
            {
              "name": "SUSE-SU-2013:0190",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=cced6012b4b93bfb640a9678589ced5416743910"
            },
            {
              "name": "DSA-2533",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2533"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-3418",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841249",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=49c679c44425915a8d6aa4af5f90b35384843c12",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=49c679c44425915a8d6aa4af5f90b35384843c12"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841183",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=840822",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
                },
                {
                  "name": "openSUSE-SU-2012:1079",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15540133"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841698",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841284",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
                },
                {
                  "name": "openSUSE-SU-2012:1081",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15540172"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=e4faa1f0ba29151340920d975fc7639adf8371d5",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=e4faa1f0ba29151340920d975fc7639adf8371d5"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=b441980d53be1835b25f0cd6bcc0062da82032dd",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=b441980d53be1835b25f0cd6bcc0062da82032dd"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=840920",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
                },
                {
                  "name": "[oss-security] 20120816 pcp: Multiple security flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=babd6c5c527f87ec838c13a1b4eba612af6ea27c",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
                },
                {
                  "name": "FEDORA-2012-12076",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841112",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=f190942b552aa80d59bbe718866aa00b8e3fd5cc",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
                },
                {
                  "name": "openSUSE-SU-2012:1036",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15471040"
                },
                {
                  "name": "FEDORA-2012-12024",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=f0eaefe046b1061797f45b0c20bb2ac371b504a5",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841126",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841159",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=7eb479b91ef12bf89a15b078af2107c8c4746a4a",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=9f4e392c97ce42744ec73f82268ce6c815fdca0e",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841240",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841180",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
                },
                {
                  "name": "SUSE-SU-2013:0190",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=cced6012b4b93bfb640a9678589ced5416743910",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=cced6012b4b93bfb640a9678589ced5416743910"
                },
                {
                  "name": "DSA-2533",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2012/dsa-2533"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3418",
        "datePublished": "2012-08-27T23:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:05:12.135Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0823 (GCVE-0-2001-0823)

    Vulnerability from nvd – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:37
    VLAI
    Summary
    The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2001-06-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:37:06.210Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20010618 pmpost - another nice symlink follower",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
              },
              {
                "name": "20010619 Re: pmpost - another nice symlink follower",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
              },
              {
                "name": "2887",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/2887"
              },
              {
                "name": "irix-pcp-pmpost-symlink(6724)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
              },
              {
                "name": "20010601-01-A",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-06-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2001-11-28T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20010618 pmpost - another nice symlink follower",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
            },
            {
              "name": "20010619 Re: pmpost - another nice symlink follower",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
            },
            {
              "name": "2887",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/2887"
            },
            {
              "name": "irix-pcp-pmpost-symlink(6724)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
            },
            {
              "name": "20010601-01-A",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0823",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20010618 pmpost - another nice symlink follower",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
                },
                {
                  "name": "20010619 Re: pmpost - another nice symlink follower",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
                },
                {
                  "name": "2887",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/2887"
                },
                {
                  "name": "irix-pcp-pmpost-symlink(6724)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
                },
                {
                  "name": "20010601-01-A",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0823",
        "datePublished": "2002-03-09T05:00:00.000Z",
        "dateReserved": "2001-11-22T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:37:06.210Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-6917 (GCVE-0-2023-6917)

    Vulnerability from cvelistv5 – Published: 2024-02-28 14:38 – Updated: 2026-02-25 18:20
    VLAI
    Title
    Pcp: unsafe use of directories allows pcp to root privilege escalation
    Summary
    A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2024:2213 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2023-6917 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2254983 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:6.2.0-1.el9 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Date Public
    2024-02-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:42:08.409Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2024:2213",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2024:2213"
              },
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2023-6917"
              },
              {
                "name": "RHBZ#2254983",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6917",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-28T20:00:24.999365Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T20:41:24.811Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:enterprise_linux:9::appstream"
              ],
              "defaultStatus": "affected",
              "packageName": "pcp",
              "product": "Red Hat Enterprise Linux 9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "0:6.2.0-1.el9",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:6"
              ],
              "defaultStatus": "unknown",
              "packageName": "pcp",
              "product": "Red Hat Enterprise Linux 6",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:7"
              ],
              "defaultStatus": "unknown",
              "packageName": "pcp",
              "product": "Red Hat Enterprise Linux 7",
              "vendor": "Red Hat"
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/o:redhat:enterprise_linux:8"
              ],
              "defaultStatus": "affected",
              "packageName": "pcp",
              "product": "Red Hat Enterprise Linux 8",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2024-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-367",
                  "description": "Time-of-check Time-of-use (TOCTOU) Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-25T18:20:20.221Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2024:2213",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2024:2213"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2023-6917"
            },
            {
              "name": "RHBZ#2254983",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2023-12-14T00:00:00.000Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2024-02-15T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Pcp: unsafe use of directories allows pcp to root privilege escalation",
          "workarounds": [
            {
              "lang": "en",
              "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2023-6917",
        "datePublished": "2024-02-28T14:38:19.258Z",
        "dateReserved": "2023-12-18T11:14:14.230Z",
        "dateUpdated": "2026-02-25T18:20:20.221Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2012-5530 (GCVE-0-2012-5530)

    Vulnerability from cvelistv5 – Published: 2012-11-29 11:00 – Updated: 2024-08-06 21:05
    VLAI
    Summary
    The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-11-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:05:47.347Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "56656",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/56656"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=875842"
              },
              {
                "name": "SUSE-SU-2013:0190",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.novell.com/show_bug.cgi?id=782967"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-11-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-02-07T10:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "56656",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/56656"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=875842"
            },
            {
              "name": "SUSE-SU-2013:0190",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.novell.com/show_bug.cgi?id=782967"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-5530",
        "datePublished": "2012-11-29T11:00:00.000Z",
        "dateReserved": "2012-10-24T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:05:47.347Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3419 (GCVE-0-2012-3419)

    Vulnerability from cvelistv5 – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
    VLAI
    Summary
    Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-08-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:12.091Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
              },
              {
                "name": "openSUSE-SU-2012:1079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15540133"
              },
              {
                "name": "openSUSE-SU-2012:1081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15540172"
              },
              {
                "name": "[oss-security] 20120816 pcp: Multiple security flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
              },
              {
                "name": "FEDORA-2012-12076",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
              },
              {
                "name": "openSUSE-SU-2012:1036",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15471040"
              },
              {
                "name": "FEDORA-2012-12024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
              },
              {
                "name": "SUSE-SU-2013:0190",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
              },
              {
                "name": "DSA-2533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2533"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-07T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
            },
            {
              "name": "openSUSE-SU-2012:1079",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15540133"
            },
            {
              "name": "openSUSE-SU-2012:1081",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15540172"
            },
            {
              "name": "[oss-security] 20120816 pcp: Multiple security flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
            },
            {
              "name": "FEDORA-2012-12076",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
            },
            {
              "name": "openSUSE-SU-2012:1036",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15471040"
            },
            {
              "name": "FEDORA-2012-12024",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
            },
            {
              "name": "SUSE-SU-2013:0190",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
            },
            {
              "name": "DSA-2533",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2533"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-3419",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
                },
                {
                  "name": "openSUSE-SU-2012:1079",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15540133"
                },
                {
                  "name": "openSUSE-SU-2012:1081",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15540172"
                },
                {
                  "name": "[oss-security] 20120816 pcp: Multiple security flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
                },
                {
                  "name": "FEDORA-2012-12076",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
                },
                {
                  "name": "openSUSE-SU-2012:1036",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15471040"
                },
                {
                  "name": "FEDORA-2012-12024",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
                },
                {
                  "name": "SUSE-SU-2013:0190",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841702",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
                },
                {
                  "name": "DSA-2533",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2012/dsa-2533"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3419",
        "datePublished": "2012-08-27T23:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:05:12.091Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3418 (GCVE-0-2012-3418)

    Vulnerability from cvelistv5 – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
    VLAI
    Summary
    libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.redhat.com/show_bug.cgi?id=841249 x_refsource_MISC
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=841183 x_refsource_MISC
    https://bugzilla.redhat.com/show_bug.cgi?id=840822 x_refsource_MISC
    https://hermes.opensuse.org/messages/15540133 vendor-advisoryx_refsource_SUSE
    https://bugzilla.redhat.com/show_bug.cgi?id=841698 x_refsource_MISC
    https://bugzilla.redhat.com/show_bug.cgi?id=841284 x_refsource_MISC
    https://hermes.opensuse.org/messages/15540172 vendor-advisoryx_refsource_SUSE
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=840920 x_refsource_MISC
    http://www.openwall.com/lists/oss-security/2012/08/16/1 mailing-listx_refsource_MLIST
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://bugzilla.redhat.com/show_bug.cgi?id=841112 x_refsource_MISC
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    https://hermes.opensuse.org/messages/15471040 vendor-advisoryx_refsource_SUSE
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=841126 x_refsource_MISC
    https://bugzilla.redhat.com/show_bug.cgi?id=841159 x_refsource_MISC
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=841240 x_refsource_MISC
    https://bugzilla.redhat.com/show_bug.cgi?id=841180 x_refsource_MISC
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    http://www.debian.org/security/2012/dsa-2533 vendor-advisoryx_refsource_DEBIAN
    http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.g… x_refsource_CONFIRM
    Date Public
    2012-08-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:12.135Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=49c679c44425915a8d6aa4af5f90b35384843c12"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
              },
              {
                "name": "openSUSE-SU-2012:1079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15540133"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
              },
              {
                "name": "openSUSE-SU-2012:1081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15540172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=e4faa1f0ba29151340920d975fc7639adf8371d5"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=b441980d53be1835b25f0cd6bcc0062da82032dd"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
              },
              {
                "name": "[oss-security] 20120816 pcp: Multiple security flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
              },
              {
                "name": "FEDORA-2012-12076",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
              },
              {
                "name": "openSUSE-SU-2012:1036",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15471040"
              },
              {
                "name": "FEDORA-2012-12024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
              },
              {
                "name": "SUSE-SU-2013:0190",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=cced6012b4b93bfb640a9678589ced5416743910"
              },
              {
                "name": "DSA-2533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2533"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-07T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=49c679c44425915a8d6aa4af5f90b35384843c12"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
            },
            {
              "name": "openSUSE-SU-2012:1079",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15540133"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
            },
            {
              "name": "openSUSE-SU-2012:1081",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15540172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=e4faa1f0ba29151340920d975fc7639adf8371d5"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=b441980d53be1835b25f0cd6bcc0062da82032dd"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
            },
            {
              "name": "[oss-security] 20120816 pcp: Multiple security flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
            },
            {
              "name": "FEDORA-2012-12076",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
            },
            {
              "name": "openSUSE-SU-2012:1036",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15471040"
            },
            {
              "name": "FEDORA-2012-12024",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
            },
            {
              "name": "SUSE-SU-2013:0190",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=cced6012b4b93bfb640a9678589ced5416743910"
            },
            {
              "name": "DSA-2533",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2533"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-3418",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841249",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=49c679c44425915a8d6aa4af5f90b35384843c12",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=49c679c44425915a8d6aa4af5f90b35384843c12"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841183",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=840822",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
                },
                {
                  "name": "openSUSE-SU-2012:1079",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15540133"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841698",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841284",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
                },
                {
                  "name": "openSUSE-SU-2012:1081",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15540172"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=e4faa1f0ba29151340920d975fc7639adf8371d5",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=e4faa1f0ba29151340920d975fc7639adf8371d5"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=b441980d53be1835b25f0cd6bcc0062da82032dd",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=b441980d53be1835b25f0cd6bcc0062da82032dd"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=840920",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
                },
                {
                  "name": "[oss-security] 20120816 pcp: Multiple security flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=babd6c5c527f87ec838c13a1b4eba612af6ea27c",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
                },
                {
                  "name": "FEDORA-2012-12076",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841112",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=f190942b552aa80d59bbe718866aa00b8e3fd5cc",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
                },
                {
                  "name": "openSUSE-SU-2012:1036",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15471040"
                },
                {
                  "name": "FEDORA-2012-12024",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=f0eaefe046b1061797f45b0c20bb2ac371b504a5",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841126",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841159",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=7eb479b91ef12bf89a15b078af2107c8c4746a4a",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=9f4e392c97ce42744ec73f82268ce6c815fdca0e",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841240",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841180",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
                },
                {
                  "name": "SUSE-SU-2013:0190",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=cced6012b4b93bfb640a9678589ced5416743910",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=cced6012b4b93bfb640a9678589ced5416743910"
                },
                {
                  "name": "DSA-2533",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2012/dsa-2533"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3418",
        "datePublished": "2012-08-27T23:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:05:12.135Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3420 (GCVE-0-2012-3420)

    Vulnerability from cvelistv5 – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
    VLAI
    Summary
    Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2012-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:12.163Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
              },
              {
                "name": "openSUSE-SU-2012:1079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15540133"
              },
              {
                "name": "openSUSE-SU-2012:1081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15540172"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
              },
              {
                "name": "[oss-security] 20120816 pcp: Multiple security flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
              },
              {
                "name": "FEDORA-2012-12076",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
              },
              {
                "name": "openSUSE-SU-2012:1036",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15471040"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
              },
              {
                "name": "FEDORA-2012-12024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
              },
              {
                "name": "SUSE-SU-2013:0190",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
              },
              {
                "name": "DSA-2533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2533"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=a7dc844d3586ea79887655a97c4252a79751fdae"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-07T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
            },
            {
              "name": "openSUSE-SU-2012:1079",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15540133"
            },
            {
              "name": "openSUSE-SU-2012:1081",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15540172"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
            },
            {
              "name": "[oss-security] 20120816 pcp: Multiple security flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
            },
            {
              "name": "FEDORA-2012-12076",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
            },
            {
              "name": "openSUSE-SU-2012:1036",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15471040"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
            },
            {
              "name": "FEDORA-2012-12024",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
            },
            {
              "name": "SUSE-SU-2013:0190",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
            },
            {
              "name": "DSA-2533",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2533"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=a7dc844d3586ea79887655a97c4252a79751fdae"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-3420",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
                },
                {
                  "name": "openSUSE-SU-2012:1079",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15540133"
                },
                {
                  "name": "openSUSE-SU-2012:1081",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15540172"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841319",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
                },
                {
                  "name": "[oss-security] 20120816 pcp: Multiple security flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
                },
                {
                  "name": "FEDORA-2012-12076",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
                },
                {
                  "name": "openSUSE-SU-2012:1036",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15471040"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841704",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
                },
                {
                  "name": "FEDORA-2012-12024",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841298",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
                },
                {
                  "name": "SUSE-SU-2013:0190",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
                },
                {
                  "name": "DSA-2533",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2012/dsa-2533"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=a7dc844d3586ea79887655a97c4252a79751fdae",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=a7dc844d3586ea79887655a97c4252a79751fdae"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3420",
        "datePublished": "2012-08-27T23:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:05:12.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3421 (GCVE-0-2012-3421)

    Vulnerability from cvelistv5 – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
    VLAI
    Summary
    The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-08-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:05:12.583Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
              },
              {
                "name": "openSUSE-SU-2012:1079",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15540133"
              },
              {
                "name": "openSUSE-SU-2012:1081",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15540172"
              },
              {
                "name": "[oss-security] 20120816 pcp: Multiple security flaws",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=9ba85dca940de976176ce196fd5e3c4170936354"
              },
              {
                "name": "FEDORA-2012-12076",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
              },
              {
                "name": "openSUSE-SU-2012:1036",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "https://hermes.opensuse.org/messages/15471040"
              },
              {
                "name": "FEDORA-2012-12024",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
              },
              {
                "name": "SUSE-SU-2013:0190",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
              },
              {
                "name": "DSA-2533",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2012/dsa-2533"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-08-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an \"event-driven programming flaw.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-09-07T09:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
            },
            {
              "name": "openSUSE-SU-2012:1079",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15540133"
            },
            {
              "name": "openSUSE-SU-2012:1081",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15540172"
            },
            {
              "name": "[oss-security] 20120816 pcp: Multiple security flaws",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=9ba85dca940de976176ce196fd5e3c4170936354"
            },
            {
              "name": "FEDORA-2012-12076",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
            },
            {
              "name": "openSUSE-SU-2012:1036",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "https://hermes.opensuse.org/messages/15471040"
            },
            {
              "name": "FEDORA-2012-12024",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
            },
            {
              "name": "SUSE-SU-2013:0190",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
            },
            {
              "name": "DSA-2533",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2012/dsa-2533"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-3421",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an \"event-driven programming flaw.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
                },
                {
                  "name": "openSUSE-SU-2012:1079",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15540133"
                },
                {
                  "name": "openSUSE-SU-2012:1081",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15540172"
                },
                {
                  "name": "[oss-security] 20120816 pcp: Multiple security flaws",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
                },
                {
                  "name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=9ba85dca940de976176ce196fd5e3c4170936354",
                  "refsource": "CONFIRM",
                  "url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=9ba85dca940de976176ce196fd5e3c4170936354"
                },
                {
                  "name": "FEDORA-2012-12076",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
                },
                {
                  "name": "openSUSE-SU-2012:1036",
                  "refsource": "SUSE",
                  "url": "https://hermes.opensuse.org/messages/15471040"
                },
                {
                  "name": "FEDORA-2012-12024",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=841706",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
                },
                {
                  "name": "SUSE-SU-2013:0190",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
                },
                {
                  "name": "DSA-2533",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2012/dsa-2533"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-3421",
        "datePublished": "2012-08-27T23:00:00.000Z",
        "dateReserved": "2012-06-14T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:05:12.583Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0823 (GCVE-0-2001-0823)

    Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:37
    VLAI
    Summary
    The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2001-06-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:37:06.210Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20010618 pmpost - another nice symlink follower",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
              },
              {
                "name": "20010619 Re: pmpost - another nice symlink follower",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
              },
              {
                "name": "2887",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/2887"
              },
              {
                "name": "irix-pcp-pmpost-symlink(6724)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
              },
              {
                "name": "20010601-01-A",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SGI",
                  "x_transferred"
                ],
                "url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-06-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2001-11-28T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20010618 pmpost - another nice symlink follower",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
            },
            {
              "name": "20010619 Re: pmpost - another nice symlink follower",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
            },
            {
              "name": "2887",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/2887"
            },
            {
              "name": "irix-pcp-pmpost-symlink(6724)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
            },
            {
              "name": "20010601-01-A",
              "tags": [
                "vendor-advisory",
                "x_refsource_SGI"
              ],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0823",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20010618 pmpost - another nice symlink follower",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
                },
                {
                  "name": "20010619 Re: pmpost - another nice symlink follower",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
                },
                {
                  "name": "2887",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/2887"
                },
                {
                  "name": "irix-pcp-pmpost-symlink(6724)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
                },
                {
                  "name": "20010601-01-A",
                  "refsource": "SGI",
                  "url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0823",
        "datePublished": "2002-03-09T05:00:00.000Z",
        "dateReserved": "2001-11-22T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:37:06.210Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }