Bug 841698 - (CVE-2012-3418) CVE-2012-3418 pcp: multiple integer and heap-based buffer overflow flaws
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All, OS: Linux
Priority: high, Severity: high
Assigned To: Red Hat Product Security
Whiteboard: impact=important,public=20120816,repo...
Keywords: Security
Depends On: 840822 840920 841112 841126 841159 841180 841183 841240 841249 841284 841290 848451 848629 848630
Blocks: 841708
Reported: 2012-07-19 18:03 EDT by Vincent Danen
Modified: 2016-03-04 06:56 EST
Fixed In Version: pcp 3.6.5
Doc Type: Bug Fix
Last Closed: 2013-01-22 11:57:30 EST
Description Vincent Danen 2012-07-19 18:03:51 EDT
Florian Weimer of the Red Hat Product Security Team discovered multiple integer and heap-based buffer overflow flaws in PCP (Performance Co-Pilot) libpcp protocol decoding functions.  These flaws could lead to daemon crashes or the execution of arbitrary code with root privileges.  Many of these flaws can be exploited without requiring the attacker to be authenticated.
Comment 1 Vincent Danen 2012-07-19 18:06:45 EDT
The individual bugs that make up these flaws:

bug #840822 Crash in __pmDecodeCreds decoding crafted PDUs
bug #840920 pmcd heap-based buffer overflow in __pmDecodeNameList
bug #841112 __pmDecodeIDList lacks check against PDU size
bug #841126 Missing PDU length checks in __pmDecodeProfile
bug #841159 __pmDecodeResult multiple vulnerabilities
bug #841180 DecodeNameReq buffer overflow
bug #841183 Missing namelen check in __pmDecodeFetch
bug #841240 __pmDecodeInstanceReq heap buffer overflow
bug #841249 __pmDecodeText heap overflow
bug #841284 __pmDecodeInstance vulnerabilities
bug #841290 pcp: __pmDecodeLogControl vulnerabilities
bug #841306 libpcp additional decoder hardening

Respective upstream patches which fix the flaws are included in the individual bugs.
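
The kind of length and count validation whose absence the decoder bugs listed above describe, shown as an added example that is not part of this bug report and is not libpcp code. The wire layout (big-endian u32 total length, u32 element count, then u32 IDs) and the names `decode_id_list`, `rd32` and `HDR_LEN` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define HDR_LEN 8u  /* hypothetical layout: u32 total length, u32 element count */

/* Read a big-endian u32 without alignment assumptions. */
static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/*
 * Decode a count-prefixed list of u32 IDs from a received buffer.
 * Returns 0 on success (caller frees *ids_out), -1 on a malformed PDU.
 * The unchecked pattern this replaces is malloc(count * 4) followed by a
 * loop over `count`: the product can wrap to a small allocation, and
 * `count` can claim more elements than the PDU actually carries.
 */
int decode_id_list(const uint8_t *buf, size_t received,
                   uint32_t **ids_out, uint32_t *count_out)
{
    *ids_out = NULL;
    *count_out = 0;

    if (received < HDR_LEN)            /* header must be fully present */
        return -1;
    if (rd32(buf) != received)         /* declared length must match bytes in hand */
        return -1;

    uint32_t count = rd32(buf + 4);
    size_t payload = received - HDR_LEN;
    /* Divide instead of multiplying so the bound check itself cannot wrap. */
    if (payload % 4 != 0 || count != payload / 4)
        return -1;
    if (count == 0)
        return 0;                      /* empty list, nothing to allocate */

    uint32_t *ids = calloc(count, sizeof *ids);  /* calloc rejects count*size overflow */
    if (ids == NULL)
        return -1;
    for (uint32_t i = 0; i < count; i++)
        ids[i] = rd32(buf + HDR_LEN + (size_t)i * 4);

    *ids_out = ids;
    *count_out = count;
    return 0;
}
```

A count of `0x40000001` is the interesting rejection case: multiplied by 4 in 32-bit arithmetic it wraps to 4, so a multiplication-based check would accept it, while the division-based comparison does not.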
Comment 5 Huzaifa S. Sidhpurwala 2012-08-16 00:44:53 EDT
Created pcp tracking bugs for this issue

Affects: epel-all [bug 848629]
Comment 7 Huzaifa S. Sidhpurwala 2012-08-20 04:39:52 EDT
(In reply to comment #1)
> bug #841306 libpcp additional decoder hardening

We have excluded this bug from CVE-2012-3418. It is not fixed in pcp-3.6.5.
A CVE is not assigned to bug #841306, however, since it's not really a flaw, but more of a hardening issue.
Comment 8 Fedora Update System 2012-08-20 06:54:31 EDT
pcp-3.6.5-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2012-08-20 06:57:03 EDT
pcp-3.6.5-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2012-08-21 14:34:13 EDT
pcp-3.6.5-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2012-08-21 14:38:02 EDT
pcp-3.6.5-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2012-09-17 20:00:48 EDT
pcp-3.6.5-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.