CVE-2012-3420

Severity

50%

Complexity

99%

Confidentiality

48%

Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c.

Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 12 years ago

2012-08-27 23:55:00

Last updated 12 years ago

2013-02-07 04:57:00

Affected Software

SGI Performance Co-Pilot 2.1.1

2.1.1

SGI Performance Co-Pilot 2.1.2

2.1.2

SGI Performance Co-Pilot 2.1.3

2.1.3

SGI Performance Co-Pilot 2.1.4

2.1.4

SGI Performance Co-Pilot 2.1.5

2.1.5

SGI Performance Co-Pilot 2.1.6

2.1.6

SGI Performance Co-Pilot 2.1.7

2.1.7

SGI Performance Co-Pilot 2.1.8

2.1.8

SGI Performance Co-Pilot 2.1.9

2.1.9

SGI Performance Co-Pilot 2.1.10

2.1.10

SGI Performance Co-Pilot 2.1.11

2.1.11

SGI Performance Co-Pilot 2.2

2.2

SGI Performance Co-Pilot

References

FEDORA-2012-12024

FEDORA-2012-12076

SUSE-SU-2013:0190

http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6

http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=68fb968b4ee635bb301dc9ab64e633b0d66d27b4

http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=a7dc844d3586ea79887655a97c4252a79751fdae

DSA-2533

[oss-security] 20120816 pcp: Multiple security flaws

https://bugzilla.redhat.com/show_bug.cgi?id=841298

https://bugzilla.redhat.com/show_bug.cgi?id=841319

https://bugzilla.redhat.com/show_bug.cgi?id=841704

openSUSE-SU-2012:1036

openSUSE-SU-2012:1079

openSUSE-SU-2012:1081

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.