A Improper Control of Generation of Code vulnerability in the rpm packaging of pcp allows the user pcp to run code as root by placing it into /var/log/pcp/configs.sh.
Created pcp tracking bugs for this issue:
Affects: fedora-all [bug 1811704]
This issue was resolved some time ago by removing compatibility code in PCP v5 - all current Fedora versions are unaffected by the issue.
Author: Nathan Scott <email@example.com>
Date: Sun Oct 6 14:10:40 2019 +1100
build: drop old config file transition code from rpm specs
Its been many years since this transition was done, good time
now with pcp-5.0.0 to full this old shell code. Also remove
the Fedora crontab transition logic as thats completely moved
over to systemd now.
Please do not close this bug as this is not only Fedora specific, but it is used to describe the flaw.
For the Fedora tracker see bug 1811704.
Ah, my mistake - apologies. What information do you need from me? (needinfo? set)
AFAICT nothing more is needed from me at this time, clearing 'needinfo'.
Upstream commit for this issue:
There's an issue with pcp package, during pre installation phase the rpm copies some scripts from predetermined locations. Those scripts are further installed with permission to be executed as root user during post installation phase. An attacker may leverage this flaw by adding malicious code on certain scripts or manipulating those file paths, resulting in privilege escalation during package installation.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:3869 https://access.redhat.com/errata/RHSA-2020:3869
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):