CVE-2012-3421

Severity

50%

Complexity

99%

Confidentiality

48%

The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

First reported 12 years ago

2012-08-27 23:55:00

Last updated 12 years ago

2013-02-07 04:57:00

Affected Software

SGI Performance Co-Pilot 2.1.1

2.1.1

SGI Performance Co-Pilot 2.1.2

2.1.2

SGI Performance Co-Pilot 2.1.3

2.1.3

SGI Performance Co-Pilot 2.1.4

2.1.4

SGI Performance Co-Pilot 2.1.5

2.1.5

SGI Performance Co-Pilot 2.1.6

2.1.6

SGI Performance Co-Pilot 2.1.7

2.1.7

SGI Performance Co-Pilot 2.1.8

2.1.8

SGI Performance Co-Pilot 2.1.9

2.1.9

SGI Performance Co-Pilot 2.1.10

2.1.10

SGI Performance Co-Pilot 2.1.11

2.1.11

SGI Performance Co-Pilot 2.2

2.2

SGI Performance Co-Pilot

References

FEDORA-2012-12024

FEDORA-2012-12076

SUSE-SU-2013:0190

http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6

http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=9ba85dca940de976176ce196fd5e3c4170936354

DSA-2533

[oss-security] 20120816 pcp: Multiple security flaws

https://bugzilla.redhat.com/show_bug.cgi?id=841706

openSUSE-SU-2012:1036

openSUSE-SU-2012:1079

openSUSE-SU-2012:1081

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.