Performance Co-Pilot缓冲区溢出漏洞

admin

0
文章

0
评论

2023-12-08 06:23:50 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

低危 Performance Co-Pilot缓冲区溢出漏洞

CVE编号

CVE-2012-3418

利用情况

暂无

补丁情况

官方补丁

披露时间

2012-08-28

漏洞描述

Performance Co-Pilot (PCP)是由SGI开发的一套支持系统级性能监视的服务。PCP (Performance Co-Pilot) libpcp协议解码函数存在多个整数和基于堆的缓冲区溢出，允许未验证攻击者利用漏洞使应用程序崩溃或执行任意代码。

解决建议

Performance Co-Pilot 3.6.5已经修复此漏洞，建议用户下载使用：http://oss.sgi.com/projects/pcp/news.html

参考链接
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085333.html
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=blob%3Bf=CHANGELOG%3B...
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=b441980d53...
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=babd6c5c52...
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=e4faa1f0ba...
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commit%3Bh=f190942b55...
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=49c679...
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=7eb479...
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=9f4e39...
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=bfb3ab...
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=cced60...
http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git%3Ba=commitdiff%3Bh=f0eaef...
http://www.debian.org/security/2012/dsa-2533
http://www.openwall.com/lists/oss-security/2012/08/16/1
https://bugzilla.redhat.com/show_bug.cgi?id=840822
https://bugzilla.redhat.com/show_bug.cgi?id=840920
https://bugzilla.redhat.com/show_bug.cgi?id=841112
https://bugzilla.redhat.com/show_bug.cgi?id=841126
https://bugzilla.redhat.com/show_bug.cgi?id=841159
https://bugzilla.redhat.com/show_bug.cgi?id=841180
https://bugzilla.redhat.com/show_bug.cgi?id=841183
https://bugzilla.redhat.com/show_bug.cgi?id=841240
https://bugzilla.redhat.com/show_bug.cgi?id=841249
https://bugzilla.redhat.com/show_bug.cgi?id=841284
https://bugzilla.redhat.com/show_bug.cgi?id=841698
https://hermes.opensuse.org/messages/15471040
https://hermes.opensuse.org/messages/15540133
https://hermes.opensuse.org/messages/15540172

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	sgi	performance_co-pilot	*		Up to (including) 3.6.4
	运行在以下环境
	应用	sgi	performance_co-pilot	2.1.1	-
	运行在以下环境
	应用	sgi	performance_co-pilot	2.1.10	-
	运行在以下环境
	应用	sgi	performance_co-pilot	2.1.11	-
	运行在以下环境
	应用	sgi	performance_co-pilot	2.1.2	-
	运行在以下环境
	应用	sgi	performance_co-pilot	2.1.3	-
	运行在以下环境
	应用	sgi	performance_co-pilot	2.1.4	-
	运行在以下环境
	应用	sgi	performance_co-pilot	2.1.5	-
	运行在以下环境
	应用	sgi	performance_co-pilot	2.1.6	-
	运行在以下环境
	应用	sgi	performance_co-pilot	2.1.7	-
	运行在以下环境
	应用	sgi	performance_co-pilot	2.1.8	-
	运行在以下环境
	应用	sgi	performance_co-pilot	2.1.9	-
	运行在以下环境
	应用	sgi	performance_co-pilot	2.2	-
	运行在以下环境
	系统	debian_10	pcp	*		Up to (excluding) 3.6.5
	运行在以下环境
	系统	debian_11	pcp	*		Up to (excluding) 3.6.5
	运行在以下环境
	系统	debian_12	pcp	*		Up to (excluding) 3.6.5
	运行在以下环境
	系统	debian_6	pcp	*		Up to (excluding) 3.3.3-squeeze2
	运行在以下环境
	系统	debian_sid	pcp	*		Up to (excluding) 3.6.5
	运行在以下环境
	系统	fedora_EPEL_5	perl-PCP-MMV	*		Up to (excluding) 3.6.5-1.el5
	运行在以下环境
	系统	fedora_EPEL_6	perl-PCP-MMV	*		Up to (excluding) 3.6.5-1.el6
	运行在以下环境
	系统	suse_11	permissions	*		Up to (excluding) 2013.1.7-0.3