SUSE update for pcp



Risk: Medium
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2023-6917, CVE-2024-3019, CVE-2024-45769, CVE-2024-45770
CWE-ID: CWE-264, CWE-668, CWE-20, CWE-61
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software
SUSE Linux Enterprise Software Development Kit 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 12
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 12
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 12
Operating systems & Components / Operating system

pcp-pmda-perfevent
Operating systems & Components / Operating system package or component

pcp-pmda-perfevent-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-redis
Operating systems & Components / Operating system package or component

pcp-export-pcp2graphite
Operating systems & Components / Operating system package or component

pcp-conf
Operating systems & Components / Operating system package or component

pcp-import-ganglia2pcp
Operating systems & Components / Operating system package or component

pcp-import-iostat2pcp
Operating systems & Components / Operating system package or component

pcp-import-sar2pcp
Operating systems & Components / Operating system package or component

pcp-pmda-rsyslog
Operating systems & Components / Operating system package or component

pcp-pmda-dbping
Operating systems & Components / Operating system package or component

pcp-export-pcp2influxdb
Operating systems & Components / Operating system package or component

pcp-pmda-named
Operating systems & Components / Operating system package or component

pcp-pmda-zswap
Operating systems & Components / Operating system package or component

pcp-pmda-elasticsearch
Operating systems & Components / Operating system package or component

pcp-pmda-snmp
Operating systems & Components / Operating system package or component

pcp-pmda-memcache
Operating systems & Components / Operating system package or component

pcp-pmda-postfix
Operating systems & Components / Operating system package or component

pcp-pmda-gpfs
Operating systems & Components / Operating system package or component

pcp-pmda-pdns
Operating systems & Components / Operating system package or component

pcp-import-mrtg2pcp
Operating systems & Components / Operating system package or component

pcp-pmda-nginx
Operating systems & Components / Operating system package or component

pcp-pmda-activemq
Operating systems & Components / Operating system package or component

pcp-pmda-mic
Operating systems & Components / Operating system package or component

pcp-pmda-news
Operating systems & Components / Operating system package or component

pcp-pmda-nutcracker
Operating systems & Components / Operating system package or component

pcp-pmda-ds389
Operating systems & Components / Operating system package or component

pcp-pmda-samba
Operating systems & Components / Operating system package or component

pcp-pmda-slurm
Operating systems & Components / Operating system package or component

pcp-pmda-ds389log
Operating systems & Components / Operating system package or component

pcp-pmda-bonding
Operating systems & Components / Operating system package or component

pcp-pmda-nfsclient
Operating systems & Components / Operating system package or component

pcp-pmda-lustre
Operating systems & Components / Operating system package or component

pcp-pmda-gpsd
Operating systems & Components / Operating system package or component

pcp-pmda-oracle
Operating systems & Components / Operating system package or component

pcp-doc
Operating systems & Components / Operating system package or component

pcp-pmda-mysql
Operating systems & Components / Operating system package or component

pcp-pmda-netfilter
Operating systems & Components / Operating system package or component

pcp-pmda-lmsensors
Operating systems & Components / Operating system package or component

pcp-pmda-unbound
Operating systems & Components / Operating system package or component

pcp-pmda-gluster
Operating systems & Components / Operating system package or component

pcp-debuginfo
Operating systems & Components / Operating system package or component

libpcp_mmv1
Operating systems & Components / Operating system package or component

libpcp_import1-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-roomtemp-debuginfo
Operating systems & Components / Operating system package or component

python3-pcp
Operating systems & Components / Operating system package or component

pcp-pmda-dm
Operating systems & Components / Operating system package or component

pcp-pmda-sendmail
Operating systems & Components / Operating system package or component

pcp-pmda-bash
Operating systems & Components / Operating system package or component

libpcp-devel
Operating systems & Components / Operating system package or component

pcp-import-collectl2pcp
Operating systems & Components / Operating system package or component

pcp
Operating systems & Components / Operating system package or component

pcp-devel
Operating systems & Components / Operating system package or component

libpcp_import1
Operating systems & Components / Operating system package or component

pcp-pmda-lustrecomm-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-cifs-debuginfo
Operating systems & Components / Operating system package or component

libpcp_gui2
Operating systems & Components / Operating system package or component

libpcp_web1-debuginfo
Operating systems & Components / Operating system package or component

pcp-system-tools
Operating systems & Components / Operating system package or component

pcp-pmda-sendmail-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-docker-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-mailq
Operating systems & Components / Operating system package or component

pcp-pmda-nvidia-gpu-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-cifs
Operating systems & Components / Operating system package or component

libpcp_trace2-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-shping-debuginfo
Operating systems & Components / Operating system package or component

perl-PCP-MMV-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-dm-debuginfo
Operating systems & Components / Operating system package or component

libpcp_mmv1-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-trace
Operating systems & Components / Operating system package or component

pcp-pmda-trace-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-weblog
Operating systems & Components / Operating system package or component

pcp-pmda-gfs2
Operating systems & Components / Operating system package or component

pcp-pmda-cisco
Operating systems & Components / Operating system package or component

pcp-pmda-systemd
Operating systems & Components / Operating system package or component

perl-PCP-PMDA-debuginfo
Operating systems & Components / Operating system package or component

perl-PCP-PMDA
Operating systems & Components / Operating system package or component

pcp-pmda-logger
Operating systems & Components / Operating system package or component

libpcp3-debuginfo
Operating systems & Components / Operating system package or component

python3-pcp-debuginfo
Operating systems & Components / Operating system package or component

pcp-devel-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-lustrecomm
Operating systems & Components / Operating system package or component

pcp-debugsource
Operating systems & Components / Operating system package or component

libpcp_trace2
Operating systems & Components / Operating system package or component

pcp-pmda-roomtemp
Operating systems & Components / Operating system package or component

pcp-pmda-systemd-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-gfs2-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-weblog-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-mounts
Operating systems & Components / Operating system package or component

libpcp_web1
Operating systems & Components / Operating system package or component

pcp-pmda-docker
Operating systems & Components / Operating system package or component

perl-PCP-LogImport-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-summary-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-bash-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-mounts-debuginfo
Operating systems & Components / Operating system package or component

libpcp3
Operating systems & Components / Operating system package or component

pcp-pmda-bind2
Operating systems & Components / Operating system package or component

pcp-import-collectl2pcp-debuginfo
Operating systems & Components / Operating system package or component

perl-PCP-MMV
Operating systems & Components / Operating system package or component

pcp-pmda-nvidia-gpu
Operating systems & Components / Operating system package or component

pcp-pmda-mailq-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-logger-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-apache-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-apache
Operating systems & Components / Operating system package or component

perl-PCP-LogImport
Operating systems & Components / Operating system package or component

perl-PCP-LogSummary
Operating systems & Components / Operating system package or component

libpcp_gui2-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-shping
Operating systems & Components / Operating system package or component

pcp-pmda-zimbra
Operating systems & Components / Operating system package or component

pcp-pmda-cisco-debuginfo
Operating systems & Components / Operating system package or component

pcp-pmda-summary
Operating systems & Components / Operating system package or component

Vendor: SUSE

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU96640

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6917

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the systemd services associated with PCP run with mixed privilege levels. A local user can escalate privileges on the system via symlink attacks.

Mitigation

Update the affected package pcp to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

pcp-pmda-perfevent: before 6.2.0-6.29.2

pcp-pmda-perfevent-debuginfo: before 6.2.0-6.29.2

pcp-pmda-redis: before 6.2.0-6.29.2

pcp-export-pcp2graphite: before 6.2.0-6.29.2

pcp-conf: before 6.2.0-6.29.2

pcp-import-ganglia2pcp: before 6.2.0-6.29.2

pcp-import-iostat2pcp: before 6.2.0-6.29.2

pcp-import-sar2pcp: before 6.2.0-6.29.2

pcp-pmda-rsyslog: before 6.2.0-6.29.2

pcp-pmda-dbping: before 6.2.0-6.29.2

pcp-export-pcp2influxdb: before 6.2.0-6.29.2

pcp-pmda-named: before 6.2.0-6.29.2

pcp-pmda-zswap: before 6.2.0-6.29.2

pcp-pmda-elasticsearch: before 6.2.0-6.29.2

pcp-pmda-snmp: before 6.2.0-6.29.2

pcp-pmda-memcache: before 6.2.0-6.29.2

pcp-pmda-postfix: before 6.2.0-6.29.2

pcp-pmda-gpfs: before 6.2.0-6.29.2

pcp-pmda-pdns: before 6.2.0-6.29.2

pcp-import-mrtg2pcp: before 6.2.0-6.29.2

pcp-pmda-nginx: before 6.2.0-6.29.2

pcp-pmda-activemq: before 6.2.0-6.29.2

pcp-pmda-mic: before 6.2.0-6.29.2

pcp-pmda-news: before 6.2.0-6.29.2

pcp-pmda-nutcracker: before 6.2.0-6.29.2

pcp-pmda-ds389: before 6.2.0-6.29.2

pcp-pmda-samba: before 6.2.0-6.29.2

pcp-pmda-slurm: before 6.2.0-6.29.2

pcp-pmda-ds389log: before 6.2.0-6.29.2

pcp-pmda-bonding: before 6.2.0-6.29.2

pcp-pmda-nfsclient: before 6.2.0-6.29.2

pcp-pmda-lustre: before 6.2.0-6.29.2

pcp-pmda-gpsd: before 6.2.0-6.29.2

pcp-pmda-oracle: before 6.2.0-6.29.2

pcp-doc: before 6.2.0-6.29.2

pcp-pmda-mysql: before 6.2.0-6.29.2

pcp-pmda-netfilter: before 6.2.0-6.29.2

pcp-pmda-lmsensors: before 6.2.0-6.29.2

pcp-pmda-unbound: before 6.2.0-6.29.2

pcp-pmda-gluster: before 6.2.0-6.29.2

pcp-debuginfo: before 6.2.0-6.29.2

libpcp_mmv1: before 6.2.0-6.29.2

libpcp_import1-debuginfo: before 6.2.0-6.29.2

pcp-pmda-roomtemp-debuginfo: before 6.2.0-6.29.2

python3-pcp: before 6.2.0-6.29.2

pcp-pmda-dm: before 6.2.0-6.29.2

pcp-pmda-sendmail: before 6.2.0-6.29.2

pcp-pmda-bash: before 6.2.0-6.29.2

libpcp-devel: before 6.2.0-6.29.2

pcp-import-collectl2pcp: before 6.2.0-6.29.2

pcp: before 6.2.0-6.29.2

pcp-devel: before 6.2.0-6.29.2

libpcp_import1: before 6.2.0-6.29.2

pcp-pmda-lustrecomm-debuginfo: before 6.2.0-6.29.2

pcp-pmda-cifs-debuginfo: before 6.2.0-6.29.2

libpcp_gui2: before 6.2.0-6.29.2

libpcp_web1-debuginfo: before 6.2.0-6.29.2

pcp-system-tools: before 6.2.0-6.29.2

pcp-pmda-sendmail-debuginfo: before 6.2.0-6.29.2

pcp-pmda-docker-debuginfo: before 6.2.0-6.29.2

pcp-pmda-mailq: before 6.2.0-6.29.2

pcp-pmda-nvidia-gpu-debuginfo: before 6.2.0-6.29.2

pcp-pmda-cifs: before 6.2.0-6.29.2

libpcp_trace2-debuginfo: before 6.2.0-6.29.2

pcp-pmda-shping-debuginfo: before 6.2.0-6.29.2

perl-PCP-MMV-debuginfo: before 6.2.0-6.29.2

pcp-pmda-dm-debuginfo: before 6.2.0-6.29.2

libpcp_mmv1-debuginfo: before 6.2.0-6.29.2

pcp-pmda-trace: before 6.2.0-6.29.2

pcp-pmda-trace-debuginfo: before 6.2.0-6.29.2

pcp-pmda-weblog: before 6.2.0-6.29.2

pcp-pmda-gfs2: before 6.2.0-6.29.2

pcp-pmda-cisco: before 6.2.0-6.29.2

pcp-pmda-systemd: before 6.2.0-6.29.2

perl-PCP-PMDA-debuginfo: before 6.2.0-6.29.2

perl-PCP-PMDA: before 6.2.0-6.29.2

pcp-pmda-logger: before 6.2.0-6.29.2

libpcp3-debuginfo: before 6.2.0-6.29.2

python3-pcp-debuginfo: before 6.2.0-6.29.2

pcp-devel-debuginfo: before 6.2.0-6.29.2

pcp-pmda-lustrecomm: before 6.2.0-6.29.2

pcp-debugsource: before 6.2.0-6.29.2

libpcp_trace2: before 6.2.0-6.29.2

pcp-pmda-roomtemp: before 6.2.0-6.29.2

pcp-pmda-systemd-debuginfo: before 6.2.0-6.29.2

pcp-pmda-gfs2-debuginfo: before 6.2.0-6.29.2

pcp-pmda-weblog-debuginfo: before 6.2.0-6.29.2

pcp-pmda-mounts: before 6.2.0-6.29.2

libpcp_web1: before 6.2.0-6.29.2

pcp-pmda-docker: before 6.2.0-6.29.2

perl-PCP-LogImport-debuginfo: before 6.2.0-6.29.2

pcp-pmda-summary-debuginfo: before 6.2.0-6.29.2

pcp-pmda-bash-debuginfo: before 6.2.0-6.29.2

pcp-pmda-mounts-debuginfo: before 6.2.0-6.29.2

libpcp3: before 6.2.0-6.29.2

pcp-pmda-bind2: before 6.2.0-6.29.2

pcp-import-collectl2pcp-debuginfo: before 6.2.0-6.29.2

perl-PCP-MMV: before 6.2.0-6.29.2

pcp-pmda-nvidia-gpu: before 6.2.0-6.29.2

pcp-pmda-mailq-debuginfo: before 6.2.0-6.29.2

pcp-pmda-logger-debuginfo: before 6.2.0-6.29.2

pcp-pmda-apache-debuginfo: before 6.2.0-6.29.2

pcp-pmda-apache: before 6.2.0-6.29.2

perl-PCP-LogImport: before 6.2.0-6.29.2

perl-PCP-LogSummary: before 6.2.0-6.29.2

libpcp_gui2-debuginfo: before 6.2.0-6.29.2

pcp-pmda-shping: before 6.2.0-6.29.2

pcp-pmda-zimbra: before 6.2.0-6.29.2

pcp-pmda-cisco-debuginfo: before 6.2.0-6.29.2

pcp-pmda-summary: before 6.2.0-6.29.2

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243976-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Exposure of Resource to Wrong Sphere

EUVDB-ID: #VU92228

Risk: Medium

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-3019

CWE-ID: CWE-668 - Exposure of resource to wrong sphere

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing access restrictions in the default pmproxy configuration, which exposes the Redis server backend to the local network. A remote attacker on the local network can execute arbitrary OS commands.

Mitigation

Update the affected package pcp to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

pcp-pmda-perfevent: before 6.2.0-6.29.2

pcp-pmda-perfevent-debuginfo: before 6.2.0-6.29.2

pcp-pmda-redis: before 6.2.0-6.29.2

pcp-export-pcp2graphite: before 6.2.0-6.29.2

pcp-conf: before 6.2.0-6.29.2

pcp-import-ganglia2pcp: before 6.2.0-6.29.2

pcp-import-iostat2pcp: before 6.2.0-6.29.2

pcp-import-sar2pcp: before 6.2.0-6.29.2

pcp-pmda-rsyslog: before 6.2.0-6.29.2

pcp-pmda-dbping: before 6.2.0-6.29.2

pcp-export-pcp2influxdb: before 6.2.0-6.29.2

pcp-pmda-named: before 6.2.0-6.29.2

pcp-pmda-zswap: before 6.2.0-6.29.2

pcp-pmda-elasticsearch: before 6.2.0-6.29.2

pcp-pmda-snmp: before 6.2.0-6.29.2

pcp-pmda-memcache: before 6.2.0-6.29.2

pcp-pmda-postfix: before 6.2.0-6.29.2

pcp-pmda-gpfs: before 6.2.0-6.29.2

pcp-pmda-pdns: before 6.2.0-6.29.2

pcp-import-mrtg2pcp: before 6.2.0-6.29.2

pcp-pmda-nginx: before 6.2.0-6.29.2

pcp-pmda-activemq: before 6.2.0-6.29.2

pcp-pmda-mic: before 6.2.0-6.29.2

pcp-pmda-news: before 6.2.0-6.29.2

pcp-pmda-nutcracker: before 6.2.0-6.29.2

pcp-pmda-ds389: before 6.2.0-6.29.2

pcp-pmda-samba: before 6.2.0-6.29.2

pcp-pmda-slurm: before 6.2.0-6.29.2

pcp-pmda-ds389log: before 6.2.0-6.29.2

pcp-pmda-bonding: before 6.2.0-6.29.2

pcp-pmda-nfsclient: before 6.2.0-6.29.2

pcp-pmda-lustre: before 6.2.0-6.29.2

pcp-pmda-gpsd: before 6.2.0-6.29.2

pcp-pmda-oracle: before 6.2.0-6.29.2

pcp-doc: before 6.2.0-6.29.2

pcp-pmda-mysql: before 6.2.0-6.29.2

pcp-pmda-netfilter: before 6.2.0-6.29.2

pcp-pmda-lmsensors: before 6.2.0-6.29.2

pcp-pmda-unbound: before 6.2.0-6.29.2

pcp-pmda-gluster: before 6.2.0-6.29.2

pcp-debuginfo: before 6.2.0-6.29.2

libpcp_mmv1: before 6.2.0-6.29.2

libpcp_import1-debuginfo: before 6.2.0-6.29.2

pcp-pmda-roomtemp-debuginfo: before 6.2.0-6.29.2

python3-pcp: before 6.2.0-6.29.2

pcp-pmda-dm: before 6.2.0-6.29.2

pcp-pmda-sendmail: before 6.2.0-6.29.2

pcp-pmda-bash: before 6.2.0-6.29.2

libpcp-devel: before 6.2.0-6.29.2

pcp-import-collectl2pcp: before 6.2.0-6.29.2

pcp: before 6.2.0-6.29.2

pcp-devel: before 6.2.0-6.29.2

libpcp_import1: before 6.2.0-6.29.2

pcp-pmda-lustrecomm-debuginfo: before 6.2.0-6.29.2

pcp-pmda-cifs-debuginfo: before 6.2.0-6.29.2

libpcp_gui2: before 6.2.0-6.29.2

libpcp_web1-debuginfo: before 6.2.0-6.29.2

pcp-system-tools: before 6.2.0-6.29.2

pcp-pmda-sendmail-debuginfo: before 6.2.0-6.29.2

pcp-pmda-docker-debuginfo: before 6.2.0-6.29.2

pcp-pmda-mailq: before 6.2.0-6.29.2

pcp-pmda-nvidia-gpu-debuginfo: before 6.2.0-6.29.2

pcp-pmda-cifs: before 6.2.0-6.29.2

libpcp_trace2-debuginfo: before 6.2.0-6.29.2

pcp-pmda-shping-debuginfo: before 6.2.0-6.29.2

perl-PCP-MMV-debuginfo: before 6.2.0-6.29.2

pcp-pmda-dm-debuginfo: before 6.2.0-6.29.2

libpcp_mmv1-debuginfo: before 6.2.0-6.29.2

pcp-pmda-trace: before 6.2.0-6.29.2

pcp-pmda-trace-debuginfo: before 6.2.0-6.29.2

pcp-pmda-weblog: before 6.2.0-6.29.2

pcp-pmda-gfs2: before 6.2.0-6.29.2

pcp-pmda-cisco: before 6.2.0-6.29.2

pcp-pmda-systemd: before 6.2.0-6.29.2

perl-PCP-PMDA-debuginfo: before 6.2.0-6.29.2

perl-PCP-PMDA: before 6.2.0-6.29.2

pcp-pmda-logger: before 6.2.0-6.29.2

libpcp3-debuginfo: before 6.2.0-6.29.2

python3-pcp-debuginfo: before 6.2.0-6.29.2

pcp-devel-debuginfo: before 6.2.0-6.29.2

pcp-pmda-lustrecomm: before 6.2.0-6.29.2

pcp-debugsource: before 6.2.0-6.29.2

libpcp_trace2: before 6.2.0-6.29.2

pcp-pmda-roomtemp: before 6.2.0-6.29.2

pcp-pmda-systemd-debuginfo: before 6.2.0-6.29.2

pcp-pmda-gfs2-debuginfo: before 6.2.0-6.29.2

pcp-pmda-weblog-debuginfo: before 6.2.0-6.29.2

pcp-pmda-mounts: before 6.2.0-6.29.2

libpcp_web1: before 6.2.0-6.29.2

pcp-pmda-docker: before 6.2.0-6.29.2

perl-PCP-LogImport-debuginfo: before 6.2.0-6.29.2

pcp-pmda-summary-debuginfo: before 6.2.0-6.29.2

pcp-pmda-bash-debuginfo: before 6.2.0-6.29.2

pcp-pmda-mounts-debuginfo: before 6.2.0-6.29.2

libpcp3: before 6.2.0-6.29.2

pcp-pmda-bind2: before 6.2.0-6.29.2

pcp-import-collectl2pcp-debuginfo: before 6.2.0-6.29.2

perl-PCP-MMV: before 6.2.0-6.29.2

pcp-pmda-nvidia-gpu: before 6.2.0-6.29.2

pcp-pmda-mailq-debuginfo: before 6.2.0-6.29.2

pcp-pmda-logger-debuginfo: before 6.2.0-6.29.2

pcp-pmda-apache-debuginfo: before 6.2.0-6.29.2

pcp-pmda-apache: before 6.2.0-6.29.2

perl-PCP-LogImport: before 6.2.0-6.29.2

perl-PCP-LogSummary: before 6.2.0-6.29.2

libpcp_gui2-debuginfo: before 6.2.0-6.29.2

pcp-pmda-shping: before 6.2.0-6.29.2

pcp-pmda-zimbra: before 6.2.0-6.29.2

pcp-pmda-cisco-debuginfo: before 6.2.0-6.29.2

pcp-pmda-summary: before 6.2.0-6.29.2

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243976-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU97613

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45769

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected package pcp to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

pcp-pmda-perfevent: before 6.2.0-6.29.2

pcp-pmda-perfevent-debuginfo: before 6.2.0-6.29.2

pcp-pmda-redis: before 6.2.0-6.29.2

pcp-export-pcp2graphite: before 6.2.0-6.29.2

pcp-conf: before 6.2.0-6.29.2

pcp-import-ganglia2pcp: before 6.2.0-6.29.2

pcp-import-iostat2pcp: before 6.2.0-6.29.2

pcp-import-sar2pcp: before 6.2.0-6.29.2

pcp-pmda-rsyslog: before 6.2.0-6.29.2

pcp-pmda-dbping: before 6.2.0-6.29.2

pcp-export-pcp2influxdb: before 6.2.0-6.29.2

pcp-pmda-named: before 6.2.0-6.29.2

pcp-pmda-zswap: before 6.2.0-6.29.2

pcp-pmda-elasticsearch: before 6.2.0-6.29.2

pcp-pmda-snmp: before 6.2.0-6.29.2

pcp-pmda-memcache: before 6.2.0-6.29.2

pcp-pmda-postfix: before 6.2.0-6.29.2

pcp-pmda-gpfs: before 6.2.0-6.29.2

pcp-pmda-pdns: before 6.2.0-6.29.2

pcp-import-mrtg2pcp: before 6.2.0-6.29.2

pcp-pmda-nginx: before 6.2.0-6.29.2

pcp-pmda-activemq: before 6.2.0-6.29.2

pcp-pmda-mic: before 6.2.0-6.29.2

pcp-pmda-news: before 6.2.0-6.29.2

pcp-pmda-nutcracker: before 6.2.0-6.29.2

pcp-pmda-ds389: before 6.2.0-6.29.2

pcp-pmda-samba: before 6.2.0-6.29.2

pcp-pmda-slurm: before 6.2.0-6.29.2

pcp-pmda-ds389log: before 6.2.0-6.29.2

pcp-pmda-bonding: before 6.2.0-6.29.2

pcp-pmda-nfsclient: before 6.2.0-6.29.2

pcp-pmda-lustre: before 6.2.0-6.29.2

pcp-pmda-gpsd: before 6.2.0-6.29.2

pcp-pmda-oracle: before 6.2.0-6.29.2

pcp-doc: before 6.2.0-6.29.2

pcp-pmda-mysql: before 6.2.0-6.29.2

pcp-pmda-netfilter: before 6.2.0-6.29.2

pcp-pmda-lmsensors: before 6.2.0-6.29.2

pcp-pmda-unbound: before 6.2.0-6.29.2

pcp-pmda-gluster: before 6.2.0-6.29.2

pcp-debuginfo: before 6.2.0-6.29.2

libpcp_mmv1: before 6.2.0-6.29.2

libpcp_import1-debuginfo: before 6.2.0-6.29.2

pcp-pmda-roomtemp-debuginfo: before 6.2.0-6.29.2

python3-pcp: before 6.2.0-6.29.2

pcp-pmda-dm: before 6.2.0-6.29.2

pcp-pmda-sendmail: before 6.2.0-6.29.2

pcp-pmda-bash: before 6.2.0-6.29.2

libpcp-devel: before 6.2.0-6.29.2

pcp-import-collectl2pcp: before 6.2.0-6.29.2

pcp: before 6.2.0-6.29.2

pcp-devel: before 6.2.0-6.29.2

libpcp_import1: before 6.2.0-6.29.2

pcp-pmda-lustrecomm-debuginfo: before 6.2.0-6.29.2

pcp-pmda-cifs-debuginfo: before 6.2.0-6.29.2

libpcp_gui2: before 6.2.0-6.29.2

libpcp_web1-debuginfo: before 6.2.0-6.29.2

pcp-system-tools: before 6.2.0-6.29.2

pcp-pmda-sendmail-debuginfo: before 6.2.0-6.29.2

pcp-pmda-docker-debuginfo: before 6.2.0-6.29.2

pcp-pmda-mailq: before 6.2.0-6.29.2

pcp-pmda-nvidia-gpu-debuginfo: before 6.2.0-6.29.2

pcp-pmda-cifs: before 6.2.0-6.29.2

libpcp_trace2-debuginfo: before 6.2.0-6.29.2

pcp-pmda-shping-debuginfo: before 6.2.0-6.29.2

perl-PCP-MMV-debuginfo: before 6.2.0-6.29.2

pcp-pmda-dm-debuginfo: before 6.2.0-6.29.2

libpcp_mmv1-debuginfo: before 6.2.0-6.29.2

pcp-pmda-trace: before 6.2.0-6.29.2

pcp-pmda-trace-debuginfo: before 6.2.0-6.29.2

pcp-pmda-weblog: before 6.2.0-6.29.2

pcp-pmda-gfs2: before 6.2.0-6.29.2

pcp-pmda-cisco: before 6.2.0-6.29.2

pcp-pmda-systemd: before 6.2.0-6.29.2

perl-PCP-PMDA-debuginfo: before 6.2.0-6.29.2

perl-PCP-PMDA: before 6.2.0-6.29.2

pcp-pmda-logger: before 6.2.0-6.29.2

libpcp3-debuginfo: before 6.2.0-6.29.2

python3-pcp-debuginfo: before 6.2.0-6.29.2

pcp-devel-debuginfo: before 6.2.0-6.29.2

pcp-pmda-lustrecomm: before 6.2.0-6.29.2

pcp-debugsource: before 6.2.0-6.29.2

libpcp_trace2: before 6.2.0-6.29.2

pcp-pmda-roomtemp: before 6.2.0-6.29.2

pcp-pmda-systemd-debuginfo: before 6.2.0-6.29.2

pcp-pmda-gfs2-debuginfo: before 6.2.0-6.29.2

pcp-pmda-weblog-debuginfo: before 6.2.0-6.29.2

pcp-pmda-mounts: before 6.2.0-6.29.2

libpcp_web1: before 6.2.0-6.29.2

pcp-pmda-docker: before 6.2.0-6.29.2

perl-PCP-LogImport-debuginfo: before 6.2.0-6.29.2

pcp-pmda-summary-debuginfo: before 6.2.0-6.29.2

pcp-pmda-bash-debuginfo: before 6.2.0-6.29.2

pcp-pmda-mounts-debuginfo: before 6.2.0-6.29.2

libpcp3: before 6.2.0-6.29.2

pcp-pmda-bind2: before 6.2.0-6.29.2

pcp-import-collectl2pcp-debuginfo: before 6.2.0-6.29.2

perl-PCP-MMV: before 6.2.0-6.29.2

pcp-pmda-nvidia-gpu: before 6.2.0-6.29.2

pcp-pmda-mailq-debuginfo: before 6.2.0-6.29.2

pcp-pmda-logger-debuginfo: before 6.2.0-6.29.2

pcp-pmda-apache-debuginfo: before 6.2.0-6.29.2

pcp-pmda-apache: before 6.2.0-6.29.2

perl-PCP-LogImport: before 6.2.0-6.29.2

perl-PCP-LogSummary: before 6.2.0-6.29.2

libpcp_gui2-debuginfo: before 6.2.0-6.29.2

pcp-pmda-shping: before 6.2.0-6.29.2

pcp-pmda-zimbra: before 6.2.0-6.29.2

pcp-pmda-cisco-debuginfo: before 6.2.0-6.29.2

pcp-pmda-summary: before 6.2.0-6.29.2

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243976-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) UNIX symbolic link following

EUVDB-ID: #VU97612

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45770

CWE-ID: CWE-61 - UNIX Symbolic Link (Symlink) Following

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue within the pmpost tool, which runs under certain circumstances with elevated privileges. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with the privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.

Mitigation

Update the affected package pcp to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Software Development Kit 12: SP5

SUSE Linux Enterprise Server for SAP Applications 12: SP5

SUSE Linux Enterprise Server 12: SP5

SUSE Linux Enterprise High Performance Computing 12: SP5

pcp-pmda-perfevent: before 6.2.0-6.29.2

pcp-pmda-perfevent-debuginfo: before 6.2.0-6.29.2

pcp-pmda-redis: before 6.2.0-6.29.2

pcp-export-pcp2graphite: before 6.2.0-6.29.2

pcp-conf: before 6.2.0-6.29.2

pcp-import-ganglia2pcp: before 6.2.0-6.29.2

pcp-import-iostat2pcp: before 6.2.0-6.29.2

pcp-import-sar2pcp: before 6.2.0-6.29.2

pcp-pmda-rsyslog: before 6.2.0-6.29.2

pcp-pmda-dbping: before 6.2.0-6.29.2

pcp-export-pcp2influxdb: before 6.2.0-6.29.2

pcp-pmda-named: before 6.2.0-6.29.2

pcp-pmda-zswap: before 6.2.0-6.29.2

pcp-pmda-elasticsearch: before 6.2.0-6.29.2

pcp-pmda-snmp: before 6.2.0-6.29.2

pcp-pmda-memcache: before 6.2.0-6.29.2

pcp-pmda-postfix: before 6.2.0-6.29.2

pcp-pmda-gpfs: before 6.2.0-6.29.2

pcp-pmda-pdns: before 6.2.0-6.29.2

pcp-import-mrtg2pcp: before 6.2.0-6.29.2

pcp-pmda-nginx: before 6.2.0-6.29.2

pcp-pmda-activemq: before 6.2.0-6.29.2

pcp-pmda-mic: before 6.2.0-6.29.2

pcp-pmda-news: before 6.2.0-6.29.2

pcp-pmda-nutcracker: before 6.2.0-6.29.2

pcp-pmda-ds389: before 6.2.0-6.29.2

pcp-pmda-samba: before 6.2.0-6.29.2

pcp-pmda-slurm: before 6.2.0-6.29.2

pcp-pmda-ds389log: before 6.2.0-6.29.2

pcp-pmda-bonding: before 6.2.0-6.29.2

pcp-pmda-nfsclient: before 6.2.0-6.29.2

pcp-pmda-lustre: before 6.2.0-6.29.2

pcp-pmda-gpsd: before 6.2.0-6.29.2

pcp-pmda-oracle: before 6.2.0-6.29.2

pcp-doc: before 6.2.0-6.29.2

pcp-pmda-mysql: before 6.2.0-6.29.2

pcp-pmda-netfilter: before 6.2.0-6.29.2

pcp-pmda-lmsensors: before 6.2.0-6.29.2

pcp-pmda-unbound: before 6.2.0-6.29.2

pcp-pmda-gluster: before 6.2.0-6.29.2

pcp-debuginfo: before 6.2.0-6.29.2

libpcp_mmv1: before 6.2.0-6.29.2

libpcp_import1-debuginfo: before 6.2.0-6.29.2

pcp-pmda-roomtemp-debuginfo: before 6.2.0-6.29.2

python3-pcp: before 6.2.0-6.29.2

pcp-pmda-dm: before 6.2.0-6.29.2

pcp-pmda-sendmail: before 6.2.0-6.29.2

pcp-pmda-bash: before 6.2.0-6.29.2

libpcp-devel: before 6.2.0-6.29.2

pcp-import-collectl2pcp: before 6.2.0-6.29.2

pcp: before 6.2.0-6.29.2

pcp-devel: before 6.2.0-6.29.2

libpcp_import1: before 6.2.0-6.29.2

pcp-pmda-lustrecomm-debuginfo: before 6.2.0-6.29.2

pcp-pmda-cifs-debuginfo: before 6.2.0-6.29.2

libpcp_gui2: before 6.2.0-6.29.2

libpcp_web1-debuginfo: before 6.2.0-6.29.2

pcp-system-tools: before 6.2.0-6.29.2

pcp-pmda-sendmail-debuginfo: before 6.2.0-6.29.2

pcp-pmda-docker-debuginfo: before 6.2.0-6.29.2

pcp-pmda-mailq: before 6.2.0-6.29.2

pcp-pmda-nvidia-gpu-debuginfo: before 6.2.0-6.29.2

pcp-pmda-cifs: before 6.2.0-6.29.2

libpcp_trace2-debuginfo: before 6.2.0-6.29.2

pcp-pmda-shping-debuginfo: before 6.2.0-6.29.2

perl-PCP-MMV-debuginfo: before 6.2.0-6.29.2

pcp-pmda-dm-debuginfo: before 6.2.0-6.29.2

libpcp_mmv1-debuginfo: before 6.2.0-6.29.2

pcp-pmda-trace: before 6.2.0-6.29.2

pcp-pmda-trace-debuginfo: before 6.2.0-6.29.2

pcp-pmda-weblog: before 6.2.0-6.29.2

pcp-pmda-gfs2: before 6.2.0-6.29.2

pcp-pmda-cisco: before 6.2.0-6.29.2

pcp-pmda-systemd: before 6.2.0-6.29.2

perl-PCP-PMDA-debuginfo: before 6.2.0-6.29.2

perl-PCP-PMDA: before 6.2.0-6.29.2

pcp-pmda-logger: before 6.2.0-6.29.2

libpcp3-debuginfo: before 6.2.0-6.29.2

python3-pcp-debuginfo: before 6.2.0-6.29.2

pcp-devel-debuginfo: before 6.2.0-6.29.2

pcp-pmda-lustrecomm: before 6.2.0-6.29.2

pcp-debugsource: before 6.2.0-6.29.2

libpcp_trace2: before 6.2.0-6.29.2

pcp-pmda-roomtemp: before 6.2.0-6.29.2

pcp-pmda-systemd-debuginfo: before 6.2.0-6.29.2

pcp-pmda-gfs2-debuginfo: before 6.2.0-6.29.2

pcp-pmda-weblog-debuginfo: before 6.2.0-6.29.2

pcp-pmda-mounts: before 6.2.0-6.29.2

libpcp_web1: before 6.2.0-6.29.2

pcp-pmda-docker: before 6.2.0-6.29.2

perl-PCP-LogImport-debuginfo: before 6.2.0-6.29.2

pcp-pmda-summary-debuginfo: before 6.2.0-6.29.2

pcp-pmda-bash-debuginfo: before 6.2.0-6.29.2

pcp-pmda-mounts-debuginfo: before 6.2.0-6.29.2

libpcp3: before 6.2.0-6.29.2

pcp-pmda-bind2: before 6.2.0-6.29.2

pcp-import-collectl2pcp-debuginfo: before 6.2.0-6.29.2

perl-PCP-MMV: before 6.2.0-6.29.2

pcp-pmda-nvidia-gpu: before 6.2.0-6.29.2

pcp-pmda-mailq-debuginfo: before 6.2.0-6.29.2

pcp-pmda-logger-debuginfo: before 6.2.0-6.29.2

pcp-pmda-apache-debuginfo: before 6.2.0-6.29.2

pcp-pmda-apache: before 6.2.0-6.29.2

perl-PCP-LogImport: before 6.2.0-6.29.2

perl-PCP-LogSummary: before 6.2.0-6.29.2

libpcp_gui2-debuginfo: before 6.2.0-6.29.2

pcp-pmda-shping: before 6.2.0-6.29.2

pcp-pmda-zimbra: before 6.2.0-6.29.2

pcp-pmda-cisco-debuginfo: before 6.2.0-6.29.2

pcp-pmda-summary: before 6.2.0-6.29.2

External links

http://www.suse.com/support/update/announcement/2024/suse-su-20243976-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


