Published: 29/11/2012 Updated: 26/02/2013

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) prior to 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sgi performance co-pilot 2.1.9
sgi performance co-pilot 2.1.8
sgi performance co-pilot 2.1.11
sgi performance co-pilot 2.1.2
sgi performance co-pilot 3.6.6
sgi performance co-pilot 3.6.5
sgi performance co-pilot 2.1.7
sgi performance co-pilot 2.1.10
sgi performance co-pilot 3.6.8
sgi performance co-pilot 3.6.4
sgi performance co-pilot 2.1.5
sgi performance co-pilot 2.1.6
sgi performance co-pilot
sgi performance co-pilot 2.2
sgi performance co-pilot 2.1.4
sgi performance co-pilot 2.1.3
sgi performance co-pilot 2.1.1

Debian Bug report logs - #698735 CVE-2012-5530 Package: pcp; Maintainer for pcp is PCP Development Team <pcp@groupsio>; Source for pcp is src:pcp (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Tue, 22 Jan 2013 21:42:06 UTC Severity: important Tags: security Fixed in versions pcp/371 ...

CWE-264 https://bugzilla.redhat.com/show_bug.cgi?id=875842 https://bugzilla.novell.com/show_bug.cgi?id=782967 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html http://www.securityfocus.com/bid/56656 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698735 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-5530

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect