__pmDecodeIDList does not check that the incoming PDU actually contains room for numids elements. This looks like it could result in a client crash (read buffer overflow, not exploitable for code execution) when a server sends too few IDs.
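The missing check described in the report above, shown as an added example that is not part of the original thread and is not PCP's code. The wire layout, `decode_idlist`, `HDR_LEN` and the sample PDUs are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed wire layout for illustration (not PCP's actual idlist PDU):
 *   u32 len (total bytes incl. header) | u32 numids | u32 ids[numids]
 * All fields are big-endian. */
#define HDR_LEN 8u

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Decode into ids[] (capacity max_ids). Returns the number of IDs decoded,
 * or -1 if the PDU is malformed or claims more IDs than it carries. */
int decode_idlist(const uint8_t *buf, size_t buflen, uint32_t *ids, size_t max_ids)
{
    if (buflen < HDR_LEN)
        return -1;                  /* header itself is truncated */
    uint32_t len = be32(buf);
    uint32_t numids = be32(buf + 4);
    if (len < HDR_LEN || len > buflen)
        return -1;                  /* declared length not backed by received bytes */
    /* Divide instead of multiplying so a huge numids cannot wrap around. */
    if (numids > (len - HDR_LEN) / 4u)
        return -1;                  /* fewer IDs on the wire than numids claims */
    if (numids > max_ids)
        return -1;                  /* would overflow the caller's array */
    for (uint32_t i = 0; i < numids; i++)
        ids[i] = be32(buf + HDR_LEN + 4u * i);
    return (int)numids;
}

/* Constructed sample PDUs. */
static const uint8_t pdu_ok[] = {       /* len=16, numids=2, ids={7,9} */
    0,0,0,16, 0,0,0,2, 0,0,0,7, 0,0,0,9 };
static const uint8_t pdu_short[] = {    /* len=16 but claims numids=4 */
    0,0,0,16, 0,0,0,4, 0,0,0,7, 0,0,0,9 };

int main(void)
{
    uint32_t ids[8];
    int ok = decode_idlist(pdu_ok, sizeof pdu_ok, ids, 8);
    int bad = decode_idlist(pdu_short, sizeof pdu_short, ids, 8);
    return (ok == 2 && bad == -1) ? 0 : 1;
}
```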
Nathan requested assignment; thanks, Nathan.
Created attachment 600699: Resolve issues in decoding PCP namespace idlist PDUs
(In reply to comment #2)
> Created attachment 600699
> Resolve issues in decoding PCP namespace idlist PDUs

Looks good to me.
Upstream patch: http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=b441980d53be1835b25f0cd6bcc0062da82032dd

This issue has been addressed in pcp-3.6.5.
This issue was addressed in Fedora and EPEL via the following security updates:

Fedora-16: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.fc16
Fedora-17: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.fc17
Rawhide: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.fc18
EPEL-5: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.el5
EPEL-6: https://admin.fedoraproject.org/updates/pcp-3.6.5-1.el6