DSA-2533-1 pcp -- severalID: oval:org.secpod.oval:def:600872 | Date: (C)2012-08-24 (M)2022-10-10 |
Class: PATCH | Family: unix |
It was discovered that Performance Co-Pilot , a framework for performance monitoring, contains several vulnerabilites. CVE-2012-3418 Multiple buffer overflows in the PCP protocol decoders can cause PCP clients and servers to crash or, potentially, execute arbitrary code while processing crafted PDUs. CVE-2012-3419 The "linux" PMDA used by the pmcd daemon discloses sensitive information from the /proc file system to unauthenticated clients. CVE-2012-3420 Multiple memory leaks processing crafted requests can cause pmcd to consume large amounts of memory and eventually crash. CVE-2012-3421 Incorrect event-driven programming allows malicious clients to prevent other clients from accessing the pmcd daemon. To address the information disclosure vulnerability, CVE-2012-3419, a new "proc" PMDA was introduced, which is disabled by default. If you need access to this information, you need to enable the "proc" PMDA.