LWN.net (RSS Feed) on Nostr: pcp: pmcd network daemon review (SUSE Security Team Blog) The SUSE Security Team Blog ...
pcp: pmcd network daemon review (SUSE Security Team Blog)
The SUSE Security Team Blog has a https://security.opensuse.org/2024/09/18/pcp-network-audit.html
:
The rather complex PCP software suite was difficult to judge just from
a cursory look, so we decided to take a closer look especially at
PCP's networking logic at a later time. This report contains two CVEs
and some non-CVE related findings we also gathered during the
follow-up review.
https://nvd.nist.gov/vuln/detail/CVE-2024-45769
,
a flaw that could allow an attacker to send crafted data to crash
https://man7.org/linux/man-pages/man1/pmcd.1.html
,
which could allow a full local root exploit from the pcp user to root,
have been addressed in the https://github.com/performancecopilot/pcp/releases/tag/6.3.1
release of PCP.
https://lwn.net/Articles/991091/
The SUSE Security Team Blog has a https://security.opensuse.org/2024/09/18/pcp-network-audit.html
:
The rather complex PCP software suite was difficult to judge just from
a cursory look, so we decided to take a closer look especially at
PCP's networking logic at a later time. This report contains two CVEs
and some non-CVE related findings we also gathered during the
follow-up review.
https://nvd.nist.gov/vuln/detail/CVE-2024-45769
,
a flaw that could allow an attacker to send crafted data to crash
https://man7.org/linux/man-pages/man1/pmcd.1.html
,
which could allow a full local root exploit from the pcp user to root,
have been addressed in the https://github.com/performancecopilot/pcp/releases/tag/6.3.1
release of PCP.
https://lwn.net/Articles/991091/