openEuler 22.03 LTS update for pcp



Risk: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2024-3019
CWE-ID: CWE-668
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software

Operating systems & Components / Operating system:
openEuler

Operating systems & Components / Operating system package or component:
pcp-pmda-mssql
pcp-pmda-bcc
pcp-help
pcp-pmda-bpftrace
pcp-export-pcp2spark
pcp-pmda-zswap
pcp-pmda-bash
pcp-conf
pcp-pmda-unbound
pcp-pmda-mysql
pcp-pmda-docker
pcp-pmda-nginx
pcp-pmda-activemq
pcp-pmda-sockets
pcp-pmda-pdns
pcp-pmda-summary
pcp-pmda-podman
pcp-devel
pcp-pmda-infiniband
pcp-pmda-cifs
pcp-import-mrtg2pcp
pcp-pmda-news
pcp-pmda-cisco
pcp-pmda-openmetrics
perl-PCP-MMV
pcp-import-sar2pcp
pcp-pmda-ds389
pcp-pmda-bonding
pcp-pmda-shping
pcp-gui
pcp-pmda-gfs2
pcp-import-collectl2pcp
pcp-pmda-systemd
pcp-pmda-nutcracker
pcp-pmda-libvirt
pcp-pmda-rsyslog
pcp-pmda-slurm
pcp-pmda-trace
pcp-pmda-bind2
pcp-export-zabbix-agent
pcp-pmda-haproxy
pcp-pmda-perfevent
pcp-pmda-mic
pcp-export-pcp2influxdb
pcp-pmda-snmp
pcp-pmda-dm
pcp-pmda-denki
pcp-pmda-redis
pcp-pmda-nvidia-gpu
pcp-pmda-mounts
pcp-pmda-netfilter
pcp-pmda-postfix
perl-PCP-LogSummary
pcp-pmda-apache
pcp-import-iostat2pcp
pcp-pmda-bpf
pcp-pmda-nfsclient
pcp-export-pcp2xml
pcp-pmda-openvswitch
pcp-pmda-mailq
pcp-pmda-lustre
pcp-pmda-memcache
pcp-pmda-gpsd
pcp-pmda-elasticsearch
perl-PCP-PMDA
pcp-pmda-mongodb
pcp-import-ganglia2pcp
pcp-pmda-weblog
pcp-pmda-hacluster
pcp-pmda-smart
pcp-pmda-gpfs
pcp-pmda-lustrecomm
pcp-export-pcp2json
pcp-pmda-netcheck
pcp-export-pcp2zabbix
pcp-pmda-logger
pcp-system-tools
pcp-pmda-lmsensors
pcp-pmda-postgresql
pcp-pmda-roomtemp
pcp-pmda-gluster
pcp-pmda-lio
pcp-export-pcp2elasticsearch
perl-PCP-LogImport
pcp-selinux
pcp-debuginfo
pcp-pmda-dbping
python3-pcp
pcp-pmda-named
pcp-zeroconf
pcp-pmda-zimbra
pcp-export-pcp2graphite
pcp-pmda-json
pcp-pmda-samba
pcp-debugsource
pcp-pmda-oracle
pcp-pmda-sendmail
pcp-pmda-rabbitmq
pcp-pmda-ds389log
pcp

Vendor: openEuler

Security Bulletin

This security bulletin contains one medium-risk vulnerability.

1) Exposure of Resource to Wrong Sphere

EUVDB-ID: #VU92228

Risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-3019

CWE-ID: CWE-668 - Exposure of resource to wrong sphere

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing access restrictions in the default pmproxy configuration, which exposes the Redis server backend to the local network. A remote attacker on the local network can execute arbitrary OS commands.

Mitigation

Install updates from the vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS

pcp-pmda-mssql: before 5.3.5-9

pcp-pmda-bcc: before 5.3.5-9

pcp-help: before 5.3.5-9

pcp-pmda-bpftrace: before 5.3.5-9

pcp-export-pcp2spark: before 5.3.5-9

pcp-pmda-zswap: before 5.3.5-9

pcp-pmda-bash: before 5.3.5-9

pcp-conf: before 5.3.5-9

pcp-pmda-unbound: before 5.3.5-9

pcp-pmda-mysql: before 5.3.5-9

pcp-pmda-docker: before 5.3.5-9

pcp-pmda-nginx: before 5.3.5-9

pcp-pmda-activemq: before 5.3.5-9

pcp-pmda-sockets: before 5.3.5-9

pcp-pmda-pdns: before 5.3.5-9

pcp-pmda-summary: before 5.3.5-9

pcp-pmda-podman: before 5.3.5-9

pcp-devel: before 5.3.5-9

pcp-pmda-infiniband: before 5.3.5-9

pcp-pmda-cifs: before 5.3.5-9

pcp-import-mrtg2pcp: before 5.3.5-9

pcp-pmda-news: before 5.3.5-9

pcp-pmda-cisco: before 5.3.5-9

pcp-pmda-openmetrics: before 5.3.5-9

perl-PCP-MMV: before 5.3.5-9

pcp-import-sar2pcp: before 5.3.5-9

pcp-pmda-ds389: before 5.3.5-9

pcp-pmda-bonding: before 5.3.5-9

pcp-pmda-shping: before 5.3.5-9

pcp-gui: before 5.3.5-9

pcp-pmda-gfs2: before 5.3.5-9

pcp-import-collectl2pcp: before 5.3.5-9

pcp-pmda-systemd: before 5.3.5-9

pcp-pmda-nutcracker: before 5.3.5-9

pcp-pmda-libvirt: before 5.3.5-9

pcp-pmda-rsyslog: before 5.3.5-9

pcp-pmda-slurm: before 5.3.5-9

pcp-pmda-trace: before 5.3.5-9

pcp-pmda-bind2: before 5.3.5-9

pcp-export-zabbix-agent: before 5.3.5-9

pcp-pmda-haproxy: before 5.3.5-9

pcp-pmda-perfevent: before 5.3.5-9

pcp-pmda-mic: before 5.3.5-9

pcp-export-pcp2influxdb: before 5.3.5-9

pcp-pmda-snmp: before 5.3.5-9

pcp-pmda-dm: before 5.3.5-9

pcp-pmda-denki: before 5.3.5-9

pcp-pmda-redis: before 5.3.5-9

pcp-pmda-nvidia-gpu: before 5.3.5-9

pcp-pmda-mounts: before 5.3.5-9

pcp-pmda-netfilter: before 5.3.5-9

pcp-pmda-postfix: before 5.3.5-9

perl-PCP-LogSummary: before 5.3.5-9

pcp-pmda-apache: before 5.3.5-9

pcp-import-iostat2pcp: before 5.3.5-9

pcp-pmda-bpf: before 5.3.5-9

pcp-pmda-nfsclient: before 5.3.5-9

pcp-export-pcp2xml: before 5.3.5-9

pcp-pmda-openvswitch: before 5.3.5-9

pcp-pmda-mailq: before 5.3.5-9

pcp-pmda-lustre: before 5.3.5-9

pcp-pmda-memcache: before 5.3.5-9

pcp-pmda-gpsd: before 5.3.5-9

pcp-pmda-elasticsearch: before 5.3.5-9

perl-PCP-PMDA: before 5.3.5-9

pcp-pmda-mongodb: before 5.3.5-9

pcp-import-ganglia2pcp: before 5.3.5-9

pcp-pmda-weblog: before 5.3.5-9

pcp-pmda-hacluster: before 5.3.5-9

pcp-pmda-smart: before 5.3.5-9

pcp-pmda-gpfs: before 5.3.5-9

pcp-pmda-lustrecomm: before 5.3.5-9

pcp-export-pcp2json: before 5.3.5-9

pcp-pmda-netcheck: before 5.3.5-9

pcp-export-pcp2zabbix: before 5.3.5-9

pcp-pmda-logger: before 5.3.5-9

pcp-system-tools: before 5.3.5-9

pcp-pmda-lmsensors: before 5.3.5-9

pcp-pmda-postgresql: before 5.3.5-9

pcp-pmda-roomtemp: before 5.3.5-9

pcp-pmda-gluster: before 5.3.5-9

pcp-pmda-lio: before 5.3.5-9

pcp-export-pcp2elasticsearch: before 5.3.5-9

perl-PCP-LogImport: before 5.3.5-9

pcp-selinux: before 5.3.5-9

pcp-debuginfo: before 5.3.5-9

pcp-pmda-dbping: before 5.3.5-9

python3-pcp: before 5.3.5-9

pcp-pmda-named: before 5.3.5-9

pcp-zeroconf: before 5.3.5-9

pcp-pmda-zimbra: before 5.3.5-9

pcp-export-pcp2graphite: before 5.3.5-9

pcp-pmda-json: before 5.3.5-9

pcp-pmda-samba: before 5.3.5-9

pcp-debugsource: before 5.3.5-9

pcp-pmda-oracle: before 5.3.5-9

pcp-pmda-sendmail: before 5.3.5-9

pcp-pmda-rabbitmq: before 5.3.5-9

pcp-pmda-ds389log: before 5.3.5-9

pcp: before 5.3.5-9

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1436


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


