CVE - CVE-2012-3418

CVE-ID
CVE-2012-3418	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[oss-security] 20120816 pcp: Multiple security flaws URL:http://www.openwall.com/lists/oss-security/2012/08/16/1 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=840822 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=840920 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=841112 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=841126 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=841159 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=841180 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=841183 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=841240 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=841249 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=841284 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=841698 CONFIRM:http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6 CONFIRM:http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=b441980d53be1835b25f0cd6bcc0062da82032dd CONFIRM:http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=babd6c5c527f87ec838c13a1b4eba612af6ea27c CONFIRM:http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=e4faa1f0ba29151340920d975fc7639adf8371d5 CONFIRM:http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=f190942b552aa80d59bbe718866aa00b8e3fd5cc CONFIRM:http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=49c679c44425915a8d6aa4af5f90b35384843c12 CONFIRM:http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=7eb479b91ef12bf89a15b078af2107c8c4746a4a CONFIRM:http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=9f4e392c97ce42744ec73f82268ce6c815fdca0e CONFIRM:http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=bfb3ab8c6b3d75b1a6580feee76a7d0925a3633c CONFIRM:http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=cced6012b4b93bfb640a9678589ced5416743910 CONFIRM:http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commitdiff;h=f0eaefe046b1061797f45b0c20bb2ac371b504a5 DEBIAN:DSA-2533 URL:http://www.debian.org/security/2012/dsa-2533 FEDORA:FEDORA-2012-12024 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html FEDORA:FEDORA-2012-12076 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html SUSE:openSUSE-SU-2012:1079 URL:https://hermes.opensuse.org/messages/15540133 SUSE:openSUSE-SU-2012:1081 URL:https://hermes.opensuse.org/messages/15540172 SUSE:openSUSE-SU-2012:1036 URL:https://hermes.opensuse.org/messages/15471040 SUSE:SUSE-SU-2013:0190 URL:http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html
Assigning CNA
N/A
Date Entry Created
20120614	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120614)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org