Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3421

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-3421
Last Modified 06 Feb 2013 11:57:15
Published 27 Aug 2012 07:55:02
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3421

Summary

The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."

Vulnerable Systems

Application

  • Sgi Performance Co-pilot 2.1.1

  • Sgi Performance Co-pilot 2.1.10

  • Sgi Performance Co-pilot 2.1.11

  • Sgi Performance Co-pilot 2.1.2

  • Sgi Performance Co-pilot 2.1.3

  • Sgi Performance Co-pilot 2.1.4

  • Sgi Performance Co-pilot 2.1.5

  • Sgi Performance Co-pilot 2.1.6

  • Sgi Performance Co-pilot 2.1.7

  • Sgi Performance Co-pilot 2.1.8

  • Sgi Performance Co-pilot 2.1.9

  • Sgi Performance Co-pilot 2.2

  • Sgi Performance Co-pilot 3.6.4


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=841706

MLIST - [oss-security] 20120816 pcp: Multiple security flaws

CONFIRM - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=commit;h=9ba85dca940de976176ce196fd5e3c4170936354

CONFIRM - http://oss.sgi.com/cgi-bin/gitweb.cgi?p=pcp/pcp.git;a=blob;f=CHANGELOG;h=16c9cbb2f61d909487ea1c3171f4ab33e5648ac5;hb=fe51067ae869a4d59f350ac319b09edcb77ac8e6

FEDORA - FEDORA-2012-12076

FEDORA - FEDORA-2012-12024

SUSE - openSUSE-SU-2012:1081

SUSE - openSUSE-SU-2012:1079

SUSE - openSUSE-SU-2012:1036

DEBIAN - DSA-2533

SUSE - SUSE-SU-2013:0190

Related Patches

Novell SUSE 2013:7221 libpcp3 security update for SLE 11 SP2 i586

Novell SUSE 2013:7221 libpcp3 security update for SLE 11 SP2 x86_64

Novell SUSE 2013:8421 libpcp3 security update for SLE 10 SP4 i586

Novell SUSE 2013:8421 libpcp3 security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 11:00:20