Debian DSA-2533-1 Moderate: Issues with Remote Access in Pcp Software
debian
August 23, 2012
It was discovered that Performance Co-Pilot (pcp), a framework for performance monitoring, contains several vulnerabilites
Summary
It was discovered that Performance Co-Pilot (pcp), a framework for
performance monitoring, contains several vulnerabilites.
CVE-2012-3418
Multiple buffer overflows in the PCP protocol decoders can
cause PCP clients and servers to crash or, potentially,
execute arbitrary code while processing crafted PDUs.
CVE-2012-3419
The "linux" PMDA used by the pmcd daemon discloses sensitive
information from the /proc file system to unauthenticated
clients.
CVE-2012-3420
Multiple memory leaks processing crafted requests can cause
pmcd to consume large amounts of memory and eventually crash.
CVE-2012-3421
Incorrect event-driven programming allows malicious clients to
prevent other clients from accessing the pmcd daemon.
To address the information disclosure vulnerability, CVE-2012-3419, a
new "proc" PMDA was introduced, which is disabled by default. If you
need access to this information, you need to enable the "proc" PMDA.
For the stable distribution (squeeze), this problem has been fixed in
version 3.3....
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Package: pcp
CVE ID: CVE-2012-3418 CVE-2012-3419 CVE-2012-3420 CVE-2012-3421
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!