Search criteria
14 vulnerabilities found for performance_co-pilot by sgi
CVE-2023-6917 (GCVE-0-2023-6917)
Vulnerability from nvd – Published: 2024-02-28 14:38 – Updated: 2025-11-20 18:07
VLAI?
Title
Pcp: unsafe use of directories allows pcp to root privilege escalation
Summary
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.
Severity ?
6 (Medium)
CWE
- CWE-378 - Creation of Temporary File With Insecure Permissions
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:6.2.0-1.el9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:2213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2213"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6917"
},
{
"name": "RHBZ#2254983",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-28T20:00:24.999365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T20:41:24.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:6.2.0-1.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
}
],
"datePublic": "2024-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-378",
"description": "Creation of Temporary File With Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T18:07:05.664Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:2213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2213"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6917"
},
{
"name": "RHBZ#2254983",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-14T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-02-15T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Pcp: unsafe use of directories allows pcp to root privilege escalation",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "(CWE-61|CWE-378): UNIX Symbolic Link (Symlink) Following or Creation of Temporary File With Insecure Permissions"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6917",
"datePublished": "2024-02-28T14:38:19.258Z",
"dateReserved": "2023-12-18T11:14:14.230Z",
"dateUpdated": "2025-11-20T18:07:05.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2012-5530 (GCVE-0-2012-5530)
Vulnerability from nvd – Published: 2012-11-29 11:00 – Updated: 2024-08-06 21:05
VLAI?
Summary
The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56656",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56656"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=875842"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=782967"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-07T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "56656",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56656"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=875842"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=782967"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5530",
"datePublished": "2012-11-29T11:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:05:47.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3421 (GCVE-0-2012-3421)
Vulnerability from nvd – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=9ba85dca940de976176ce196fd5e3c4170936354"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an \"event-driven programming flaw.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=9ba85dca940de976176ce196fd5e3c4170936354"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an \"event-driven programming flaw.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=9ba85dca940de976176ce196fd5e3c4170936354",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=9ba85dca940de976176ce196fd5e3c4170936354"
},
{
"name": "FEDORA-2012-12076",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841706",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
},
{
"name": "SUSE-SU-2013:0190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2533"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3421",
"datePublished": "2012-08-27T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3420 (GCVE-0-2012-3420)
Vulnerability from nvd – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=a7dc844d3586ea79887655a97c4252a79751fdae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=a7dc844d3586ea79887655a97c4252a79751fdae"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841319",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841704",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
},
{
"name": "FEDORA-2012-12024",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841298",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
},
{
"name": "SUSE-SU-2013:0190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=a7dc844d3586ea79887655a97c4252a79751fdae",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=a7dc844d3586ea79887655a97c4252a79751fdae"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3420",
"datePublished": "2012-08-27T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3419 (GCVE-0-2012-3419)
Vulnerability from nvd – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "SUSE-SU-2013:0190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841702",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
},
{
"name": "DSA-2533",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2533"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3419",
"datePublished": "2012-08-27T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3418 (GCVE-0-2012-3418)
Vulnerability from nvd – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=49c679c44425915a8d6aa4af5f90b35384843c12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=e4faa1f0ba29151340920d975fc7639adf8371d5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=b441980d53be1835b25f0cd6bcc0062da82032dd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=cced6012b4b93bfb640a9678589ced5416743910"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=49c679c44425915a8d6aa4af5f90b35384843c12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=e4faa1f0ba29151340920d975fc7639adf8371d5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=b441980d53be1835b25f0cd6bcc0062da82032dd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=cced6012b4b93bfb640a9678589ced5416743910"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841249",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=49c679c44425915a8d6aa4af5f90b35384843c12",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=49c679c44425915a8d6aa4af5f90b35384843c12"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841183",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=840822",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
},
{
"name": "openSUSE-SU-2012:1079",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841698",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841284",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
},
{
"name": "openSUSE-SU-2012:1081",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=e4faa1f0ba29151340920d975fc7639adf8371d5",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=e4faa1f0ba29151340920d975fc7639adf8371d5"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=b441980d53be1835b25f0cd6bcc0062da82032dd",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=b441980d53be1835b25f0cd6bcc0062da82032dd"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=840920",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=babd6c5c527f87ec838c13a1b4eba612af6ea27c",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
},
{
"name": "FEDORA-2012-12076",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841112",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=f190942b552aa80d59bbe718866aa00b8e3fd5cc",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
},
{
"name": "openSUSE-SU-2012:1036",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=f0eaefe046b1061797f45b0c20bb2ac371b504a5",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841126",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841159",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=7eb479b91ef12bf89a15b078af2107c8c4746a4a",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=9f4e392c97ce42744ec73f82268ce6c815fdca0e",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841240",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841180",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
},
{
"name": "SUSE-SU-2013:0190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=cced6012b4b93bfb640a9678589ced5416743910",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=cced6012b4b93bfb640a9678589ced5416743910"
},
{
"name": "DSA-2533",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3418",
"datePublished": "2012-08-27T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0823 (GCVE-0-2001-0823)
Vulnerability from nvd – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:37
VLAI?
Summary
The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:06.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010618 pmpost - another nice symlink follower",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
},
{
"name": "20010619 Re: pmpost - another nice symlink follower",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
},
{
"name": "2887",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2887"
},
{
"name": "irix-pcp-pmpost-symlink(6724)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
},
{
"name": "20010601-01-A",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2001-11-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010618 pmpost - another nice symlink follower",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
},
{
"name": "20010619 Re: pmpost - another nice symlink follower",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
},
{
"name": "2887",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2887"
},
{
"name": "irix-pcp-pmpost-symlink(6724)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
},
{
"name": "20010601-01-A",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010618 pmpost - another nice symlink follower",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
},
{
"name": "20010619 Re: pmpost - another nice symlink follower",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
},
{
"name": "2887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2887"
},
{
"name": "irix-pcp-pmpost-symlink(6724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
},
{
"name": "20010601-01-A",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0823",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-11-22T00:00:00",
"dateUpdated": "2024-08-08T04:37:06.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6917 (GCVE-0-2023-6917)
Vulnerability from cvelistv5 – Published: 2024-02-28 14:38 – Updated: 2025-11-20 18:07
VLAI?
Title
Pcp: unsafe use of directories allows pcp to root privilege escalation
Summary
A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.
Severity ?
6 (Medium)
CWE
- CWE-378 - Creation of Temporary File With Insecure Permissions
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:6.2.0-1.el9 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2024:2213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2213"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6917"
},
{
"name": "RHBZ#2254983",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-28T20:00:24.999365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T20:41:24.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:6.2.0-1.el9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "pcp",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
}
],
"datePublic": "2024-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-378",
"description": "Creation of Temporary File With Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T18:07:05.664Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2024:2213",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2024:2213"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-6917"
},
{
"name": "RHBZ#2254983",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254983"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-14T00:00:00+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-02-15T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Pcp: unsafe use of directories allows pcp to root privilege escalation",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_redhatCweChain": "(CWE-61|CWE-378): UNIX Symbolic Link (Symlink) Following or Creation of Temporary File With Insecure Permissions"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-6917",
"datePublished": "2024-02-28T14:38:19.258Z",
"dateReserved": "2023-12-18T11:14:14.230Z",
"dateUpdated": "2025-11-20T18:07:05.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2012-5530 (GCVE-0-2012-5530)
Vulnerability from cvelistv5 – Published: 2012-11-29 11:00 – Updated: 2024-08-06 21:05
VLAI?
Summary
The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:05:47.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56656",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56656"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=875842"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=782967"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-02-07T10:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "56656",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56656"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=875842"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.novell.com/show_bug.cgi?id=782967"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5530",
"datePublished": "2012-11-29T11:00:00",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:05:47.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3420 (GCVE-0-2012-3420)
Vulnerability from cvelistv5 – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.163Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=a7dc844d3586ea79887655a97c4252a79751fdae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=a7dc844d3586ea79887655a97c4252a79751fdae"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841319",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841319"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841704",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841704"
},
{
"name": "FEDORA-2012-12024",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841298",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841298"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4"
},
{
"name": "SUSE-SU-2013:0190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=a7dc844d3586ea79887655a97c4252a79751fdae",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=a7dc844d3586ea79887655a97c4252a79751fdae"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3420",
"datePublished": "2012-08-27T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3418 (GCVE-0-2012-3418)
Vulnerability from cvelistv5 – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=49c679c44425915a8d6aa4af5f90b35384843c12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=e4faa1f0ba29151340920d975fc7639adf8371d5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=b441980d53be1835b25f0cd6bcc0062da82032dd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=cced6012b4b93bfb640a9678589ced5416743910"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=49c679c44425915a8d6aa4af5f90b35384843c12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=e4faa1f0ba29151340920d975fc7639adf8371d5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=b441980d53be1835b25f0cd6bcc0062da82032dd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=cced6012b4b93bfb640a9678589ced5416743910"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841249",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841249"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=49c679c44425915a8d6aa4af5f90b35384843c12",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=49c679c44425915a8d6aa4af5f90b35384843c12"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841183",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841183"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=840822",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840822"
},
{
"name": "openSUSE-SU-2012:1079",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841698",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841698"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841284",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841284"
},
{
"name": "openSUSE-SU-2012:1081",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=e4faa1f0ba29151340920d975fc7639adf8371d5",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=e4faa1f0ba29151340920d975fc7639adf8371d5"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=b441980d53be1835b25f0cd6bcc0062da82032dd",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=b441980d53be1835b25f0cd6bcc0062da82032dd"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=840920",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840920"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=babd6c5c527f87ec838c13a1b4eba612af6ea27c",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=babd6c5c527f87ec838c13a1b4eba612af6ea27c"
},
{
"name": "FEDORA-2012-12076",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841112",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841112"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=f190942b552aa80d59bbe718866aa00b8e3fd5cc",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=f190942b552aa80d59bbe718866aa00b8e3fd5cc"
},
{
"name": "openSUSE-SU-2012:1036",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=f0eaefe046b1061797f45b0c20bb2ac371b504a5",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=f0eaefe046b1061797f45b0c20bb2ac371b504a5"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841126",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841126"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841159",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841159"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=7eb479b91ef12bf89a15b078af2107c8c4746a4a",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=7eb479b91ef12bf89a15b078af2107c8c4746a4a"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=9f4e392c97ce42744ec73f82268ce6c815fdca0e",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=9f4e392c97ce42744ec73f82268ce6c815fdca0e"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841240",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841240"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841180",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841180"
},
{
"name": "SUSE-SU-2013:0190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=cced6012b4b93bfb640a9678589ced5416743910",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=cced6012b4b93bfb640a9678589ced5416743910"
},
{
"name": "DSA-2533",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2533"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3418",
"datePublished": "2012-08-27T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3419 (GCVE-0-2012-3419)
Vulnerability from cvelistv5 – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "FEDORA-2012-12076",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "SUSE-SU-2013:0190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841702",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841702"
},
{
"name": "DSA-2533",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2533"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3419",
"datePublished": "2012-08-27T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3421 (GCVE-0-2012-3421)
Vulnerability from cvelistv5 – Published: 2012-08-27 23:00 – Updated: 2024-08-06 20:05
VLAI?
Summary
The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.583Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=9ba85dca940de976176ce196fd5e3c4170936354"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an \"event-driven programming flaw.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3Bh=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5%3Bhb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=9ba85dca940de976176ce196fd5e3c4170936354"
},
{
"name": "FEDORA-2012-12076",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
},
{
"name": "SUSE-SU-2013:0190",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2533"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an \"event-driven programming flaw.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6"
},
{
"name": "openSUSE-SU-2012:1079",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540133"
},
{
"name": "openSUSE-SU-2012:1081",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15540172"
},
{
"name": "[oss-security] 20120816 pcp: Multiple security flaws",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/16/1"
},
{
"name": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=9ba85dca940de976176ce196fd5e3c4170936354",
"refsource": "CONFIRM",
"url": "http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=9ba85dca940de976176ce196fd5e3c4170936354"
},
{
"name": "FEDORA-2012-12076",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html"
},
{
"name": "openSUSE-SU-2012:1036",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15471040"
},
{
"name": "FEDORA-2012-12024",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=841706",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=841706"
},
{
"name": "SUSE-SU-2013:0190",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html"
},
{
"name": "DSA-2533",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2533"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3421",
"datePublished": "2012-08-27T23:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-0823 (GCVE-0-2001-0823)
Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:37
VLAI?
Summary
The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:06.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010618 pmpost - another nice symlink follower",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
},
{
"name": "20010619 Re: pmpost - another nice symlink follower",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
},
{
"name": "2887",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2887"
},
{
"name": "irix-pcp-pmpost-symlink(6724)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
},
{
"name": "20010601-01-A",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2001-11-28T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010618 pmpost - another nice symlink follower",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
},
{
"name": "20010619 Re: pmpost - another nice symlink follower",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
},
{
"name": "2887",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2887"
},
{
"name": "irix-pcp-pmpost-symlink(6724)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
},
{
"name": "20010601-01-A",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010618 pmpost - another nice symlink follower",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=99290754901708\u0026w=2"
},
{
"name": "20010619 Re: pmpost - another nice symlink follower",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html"
},
{
"name": "2887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2887"
},
{
"name": "irix-pcp-pmpost-symlink(6724)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6724"
},
{
"name": "20010601-01-A",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0823",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-11-22T00:00:00",
"dateUpdated": "2024-08-08T04:37:06.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}