7 matches found
CVE-2023-6917
The CVE-2023-6917 issue in Performance Co-Pilot (PCP) stems from mixed privilege levels across PCP systemd services, with some processes running as root while others are limited PCP users. This separation failure can let privileged root processes interact with directories owned by unprivileged PC...
CVE-2012-3418
CVE-2012-3418 affects libpcp in Performance Co-Pilot (PCP) prior to 3.6.5. The vulnerability arises in the decoding paths (__pmDecodeCreds, __pmDecodeNameList, __pmDecodeIDList, __pmDecodeProfile, __pmDecodeResult, DecodeNameReq, __pmDecodeFetch, __pmDecodeInstanceReq, __pmDecodeText, __pmDecodeI...
CVE-2012-3421
The CVE-2012-3421 issue affects Performance Co-Pilot (PCP) libpcp: the pduread function in pdu.c does not time out stalled connections, allowing a remote attacker to cause a denial of service (pmcd hang) by sending PDUs byte by byte. Affected product/version: PCP before 3.6.5. Mitigation: upgrade...
CVE-2012-3420
CVE-2012-3420 affects Performance Co-Pilot (PCP) components prior to 3.6.5. The issue is due to memory leaks in PCP where processing a large number of PDUs can exhaust memory, or crash the daemon, via (1) a crafted context number to DoFetch (pmcd/src/dofetch.c) or (2) a negative type value to __p...
CVE-2012-5530
CVE-2012-5530 affects Performance Co-Pilot (PCP) components prior to 3.6.10. The vulnerability arises from the init scripts (pcmd and pmlogger) that allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file. The issue is specifically tied to the file-s...
CVE-2012-3419
CVE-2012-3419 affects Performance Co-Pilot (PCP) before 3.6.5. The vulnerability arises because PCP exposes some of the /proc filesystem, allowing remote or local entities to read sensitive information such as proc/pid/maps and command line arguments. Consequence: potential exposure of process de...
CVE-2001-0823
The CVE-2001-0823 entry documents a local privilege escalation in the Performance Co-Pilot (PCP) package via the pmpost utility, prior to version 2.2.1-3. An attacker can exploit a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR) to gain root/privilege access. The underly...