Bug 841698 (CVE-2012-3418) - CVE-2012-3418 pcp: multiple integer and heap-based buffer overflow flaws
Summary: CVE-2012-3418 pcp: multiple integer and heap-based buffer overflow flaws
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2012-3418
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 840822 840920 841112 841126 841159 841180 841183 841240 841249 841284 841290 848451 848629 848630
Blocks: 841708
Reported: 2012-07-19 22:03 UTC by Vincent Danen
Modified: 2019-09-29 12:54 UTC (History)

Fixed In Version: pcp 3.6.5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-01-22 16:57:30 UTC
Embargoed:



Description Vincent Danen 2012-07-19 22:03:51 UTC
Florian Weimer of the Red Hat Product Security Team discovered multiple integer and heap-based buffer overflow flaws in PCP (Performance Co-Pilot) libpcp protocol decoding functions.  These flaws could lead to daemon crashes or the execution of arbitrary code with root privileges.  Many of these flaws can be exploited without requiring the attacker to be authenticated.

Comment 1 Vincent Danen 2012-07-19 22:06:45 UTC
The individual bugs that make up these flaws:

bug #840822 Crash in __pmDecodeCreds decoding crafted PDUs
bug #840920 pmcd heap-based buffer overflow in __pmDecodeNameList
bug #841112 __pmDecodeIDList lacks check against PDU size
bug #841126 Missing PDU length checks in __pmDecodeProfile
bug #841159 __pmDecodeResult multiple vulnerabilities
bug #841180 DecodeNameReq buffer overflow
bug #841183 Missing namelen check in __pmDecodeFetch
bug #841240 __pmDecodeInstanceReq heap buffer overflow
bug #841249 __pmDecodeText heap overflow
bug #841284 __pmDecodeInstance vulnerabilities
bug #841290 pcp: __pmDecodeLogControl vulnerabilities
bug #841306 libpcp additional decoder hardening

Respective upstream patches which fix the flaws are included in the individual bugs.
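The flaw class listed above (decoders that trust a count or length field taken from the PDU without checking it against the number of bytes actually received, so that a crafted PDU drives an undersized allocation or an out-of-bounds copy) is illustrated below on a constructed toy name-list PDU. This is an added example for readers, not libpcp's code or wire format: the layout, the MAX_NAMES/MAX_NAMELEN caps and the sample metric names are assumptions made here. Each check in decode_namelist corresponds to one of the missing checks named in the bug titles: count against PDU size, per-entry length against remaining bytes, and size arithmetic that cannot wrap.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy PDU layout (an assumption for this example, not PCP's
 * real wire format); all integers big-endian:
 *   uint32 total_len   whole PDU length in bytes, header included
 *   uint32 count       number of names that follow
 *   count times: uint32 namelen, then namelen bytes of name (no NUL) */
#define MAX_NAMES   64
#define MAX_NAMELEN 255

static uint32_t rd32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void wr32(unsigned char *p, uint32_t v) {
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}

/* Decode a name-list PDU into NUL-terminated heap strings in names[].
 * Returns the number of names, or -1 if the PDU is malformed. Every length
 * read from the wire is checked against the bytes actually received before
 * it drives an allocation or a copy, and the count check divides instead of
 * multiplying so the check itself cannot overflow. */
int decode_namelist(const unsigned char *pdu, size_t pdulen,
                    char *names[], size_t maxnames) {
    size_t off = 8, n = 0;
    if (pdulen < 8) return -1;                   /* header must fit */
    if (rd32(pdu) != pdulen) return -1;          /* advertised vs received length */
    uint32_t count = rd32(pdu + 4);
    if (count > maxnames) return -1;             /* caller's cap on entries */
    if (count > (pdulen - 8) / 4) return -1;     /* each entry needs >= 4 bytes */
    for (; n < count; n++) {
        if (pdulen - off < 4) goto fail;         /* room for the namelen field */
        uint32_t namelen = rd32(pdu + off);
        off += 4;
        if (namelen > MAX_NAMELEN || namelen > pdulen - off) goto fail;
        char *s = malloc((size_t)namelen + 1);   /* bounded above, cannot wrap */
        if (!s) goto fail;
        memcpy(s, pdu + off, namelen);
        s[namelen] = '\0';
        names[n] = s;
        off += namelen;
    }
    if (off != pdulen) goto fail;                /* reject trailing bytes */
    return (int)n;
fail:
    while (n > 0) free(names[--n]);
    return -1;
}

/* Encode a name list in the toy format; returns the PDU length (0 on overflow). */
static size_t build_namelist(const char *const *in, uint32_t count,
                             unsigned char *out, size_t cap) {
    size_t off = 8;
    for (uint32_t i = 0; i < count; i++) {
        size_t l = strlen(in[i]);
        if (cap - off < 4 + l) return 0;
        wr32(out + off, (uint32_t)l);
        memcpy(out + off + 4, in[i], l);
        off += 4 + l;
    }
    wr32(out, (uint32_t)off);
    wr32(out + 4, count);
    return off;
}

/* Constructed sample: two names round-trip through encode and decode. Returns 2. */
int check_wellformed(void) {
    const char *in[] = { "kernel.all.load", "mem.util.free" };
    unsigned char buf[128];
    char *out[MAX_NAMES];
    size_t len = build_namelist(in, 2, buf, sizeof buf);
    int n = decode_namelist(buf, len, out, MAX_NAMES);
    if (n != 2) return n;
    int ok = !strcmp(out[0], in[0]) && !strcmp(out[1], in[1]);
    free(out[0]); free(out[1]);
    return ok ? 2 : -2;
}

/* Same PDU with count rewritten to 0xFFFFFFFF: the count-vs-size check
 * rejects it before any allocation. Returns -1. */
int check_oversized_count(void) {
    const char *in[] = { "kernel.all.load" };
    unsigned char buf[128];
    char *out[MAX_NAMES];
    size_t len = build_namelist(in, 1, buf, sizeof buf);
    wr32(buf + 4, 0xFFFFFFFFu);
    return decode_namelist(buf, len, out, MAX_NAMES);
}

/* Same PDU with namelen inflated past the PDU end: the per-entry check
 * rejects it instead of copying beyond the buffer. Returns -1. */
int check_namelen_overrun(void) {
    const char *in[] = { "kernel.all.load" };
    unsigned char buf[128];
    char *out[MAX_NAMES];
    size_t len = build_namelist(in, 1, buf, sizeof buf);
    wr32(buf + 8, 200);      /* under MAX_NAMELEN, but only 15 bytes remain */
    return decode_namelist(buf, len, out, MAX_NAMES);
}

int main(void) {
    printf("well-formed: %d  bad count: %d  bad namelen: %d\n",
           check_wellformed(), check_oversized_count(), check_namelen_overrun());
    return 0;
}
```

The two rejection cases are the ones a fuzzer or a crafted client exercises most: a count that is internally consistent with the wire type but not with the bytes received, and a per-entry length that is within the decoder's own maximum but beyond the PDU. Checking the advertised total against the received length first, and then every nested length against the remaining bytes, is the pattern that removes this whole class of bugs from a decoder.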

Comment 5 Huzaifa S. Sidhpurwala 2012-08-16 04:44:53 UTC
Created pcp tracking bugs for this issue

Affects: epel-all [bug 848629]

Comment 7 Huzaifa S. Sidhpurwala 2012-08-20 08:39:52 UTC
(In reply to comment #1)
> bug #841306 libpcp additional decoder hardening

We have excluded this bug from CVE-2012-3418. It is not fixed in pcp-3.6.5.
A CVE is not assigned to bug #841306 however, since it's not really a flaw, but more of a hardening issue.

Comment 8 Fedora Update System 2012-08-20 10:54:31 UTC
pcp-3.6.5-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2012-08-20 10:57:03 UTC
pcp-3.6.5-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2012-08-21 18:34:13 UTC
pcp-3.6.5-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2012-08-21 18:38:02 UTC
pcp-3.6.5-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2012-09-18 00:00:48 UTC
pcp-3.6.5-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

