openEuler 22.03 LTS SP4 update for pcp

Published: 2025-03-21

Risk	Low
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2024-45769 CVE-2024-45770
CWE-ID	CWE-20 CWE-61
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	openEuler Operating systems & Components / Operating system pcp-pmda-mssql Operating systems & Components / Operating system package or component pcp-pmda-bcc Operating systems & Components / Operating system package or component pcp-help Operating systems & Components / Operating system package or component python3-pcp Operating systems & Components / Operating system package or component perl-PCP-PMDA Operating systems & Components / Operating system package or component perl-PCP-MMV Operating systems & Components / Operating system package or component perl-PCP-LogSummary Operating systems & Components / Operating system package or component perl-PCP-LogImport Operating systems & Components / Operating system package or component pcp-zeroconf Operating systems & Components / Operating system package or component pcp-system-tools Operating systems & Components / Operating system package or component pcp-selinux Operating systems & Components / Operating system package or component pcp-pmda-zswap Operating systems & Components / Operating system package or component pcp-pmda-zimbra Operating systems & Components / Operating system package or component pcp-pmda-weblog Operating systems & Components / Operating system package or component pcp-pmda-unbound Operating systems & Components / Operating system package or component pcp-pmda-trace Operating systems & Components / Operating system package or component pcp-pmda-systemd Operating systems & Components / Operating system package or component pcp-pmda-summary Operating systems & Components / Operating system package or component pcp-pmda-sockets Operating systems & Components / Operating system package or component pcp-pmda-snmp Operating systems & Components / Operating system package or component pcp-pmda-smart Operating systems & Components / Operating system package or component pcp-pmda-slurm Operating systems & Components / Operating system package or component pcp-pmda-shping Operating systems & Components / Operating system package or component pcp-pmda-sendmail Operating systems & Components / Operating system package or component pcp-pmda-samba Operating systems & Components / Operating system package or component pcp-pmda-rsyslog Operating systems & Components / Operating system package or component pcp-pmda-roomtemp Operating systems & Components / Operating system package or component pcp-pmda-redis Operating systems & Components / Operating system package or component pcp-pmda-rabbitmq Operating systems & Components / Operating system package or component pcp-pmda-postgresql Operating systems & Components / Operating system package or component pcp-pmda-postfix Operating systems & Components / Operating system package or component pcp-pmda-podman Operating systems & Components / Operating system package or component pcp-pmda-perfevent Operating systems & Components / Operating system package or component pcp-pmda-pdns Operating systems & Components / Operating system package or component pcp-pmda-oracle Operating systems & Components / Operating system package or component pcp-pmda-openvswitch Operating systems & Components / Operating system package or component pcp-pmda-openmetrics Operating systems & Components / Operating system package or component pcp-pmda-nvidia-gpu Operating systems & Components / Operating system package or component pcp-pmda-nutcracker Operating systems & Components / Operating system package or component pcp-pmda-nginx Operating systems & Components / Operating system package or component pcp-pmda-nfsclient Operating systems & Components / Operating system package or component pcp-pmda-news Operating systems & Components / Operating system package or component pcp-pmda-netfilter Operating systems & Components / Operating system package or component pcp-pmda-netcheck Operating systems & Components / Operating system package or component pcp-pmda-named Operating systems & Components / Operating system package or component pcp-pmda-mysql Operating systems & Components / Operating system package or component pcp-pmda-mounts Operating systems & Components / Operating system package or component pcp-pmda-mongodb Operating systems & Components / Operating system package or component pcp-pmda-mic Operating systems & Components / Operating system package or component pcp-pmda-memcache Operating systems & Components / Operating system package or component pcp-pmda-mailq Operating systems & Components / Operating system package or component pcp-pmda-lustrecomm Operating systems & Components / Operating system package or component pcp-pmda-lustre Operating systems & Components / Operating system package or component pcp-pmda-logger Operating systems & Components / Operating system package or component pcp-pmda-lmsensors Operating systems & Components / Operating system package or component pcp-pmda-lio Operating systems & Components / Operating system package or component pcp-pmda-libvirt Operating systems & Components / Operating system package or component pcp-pmda-json Operating systems & Components / Operating system package or component pcp-pmda-infiniband Operating systems & Components / Operating system package or component pcp-pmda-haproxy Operating systems & Components / Operating system package or component pcp-pmda-hacluster Operating systems & Components / Operating system package or component pcp-pmda-gpsd Operating systems & Components / Operating system package or component pcp-pmda-gpfs Operating systems & Components / Operating system package or component pcp-pmda-gluster Operating systems & Components / Operating system package or component pcp-pmda-gfs2 Operating systems & Components / Operating system package or component pcp-pmda-elasticsearch Operating systems & Components / Operating system package or component pcp-pmda-ds389log Operating systems & Components / Operating system package or component pcp-pmda-ds389 Operating systems & Components / Operating system package or component pcp-pmda-docker Operating systems & Components / Operating system package or component pcp-pmda-dm Operating systems & Components / Operating system package or component pcp-pmda-denki Operating systems & Components / Operating system package or component pcp-pmda-dbping Operating systems & Components / Operating system package or component pcp-pmda-cisco Operating systems & Components / Operating system package or component pcp-pmda-cifs Operating systems & Components / Operating system package or component pcp-pmda-bpftrace Operating systems & Components / Operating system package or component pcp-pmda-bpf Operating systems & Components / Operating system package or component pcp-pmda-bonding Operating systems & Components / Operating system package or component pcp-pmda-bind2 Operating systems & Components / Operating system package or component pcp-pmda-bash Operating systems & Components / Operating system package or component pcp-pmda-apache Operating systems & Components / Operating system package or component pcp-pmda-activemq Operating systems & Components / Operating system package or component pcp-import-sar2pcp Operating systems & Components / Operating system package or component pcp-import-mrtg2pcp Operating systems & Components / Operating system package or component pcp-import-iostat2pcp Operating systems & Components / Operating system package or component pcp-import-ganglia2pcp Operating systems & Components / Operating system package or component pcp-import-collectl2pcp Operating systems & Components / Operating system package or component pcp-gui Operating systems & Components / Operating system package or component pcp-export-zabbix-agent Operating systems & Components / Operating system package or component pcp-export-pcp2zabbix Operating systems & Components / Operating system package or component pcp-export-pcp2xml Operating systems & Components / Operating system package or component pcp-export-pcp2spark Operating systems & Components / Operating system package or component pcp-export-pcp2json Operating systems & Components / Operating system package or component pcp-export-pcp2influxdb Operating systems & Components / Operating system package or component pcp-export-pcp2graphite Operating systems & Components / Operating system package or component pcp-export-pcp2elasticsearch Operating systems & Components / Operating system package or component pcp-devel Operating systems & Components / Operating system package or component pcp-debugsource Operating systems & Components / Operating system package or component pcp-debuginfo Operating systems & Components / Operating system package or component pcp-conf Operating systems & Components / Operating system package or component pcp Operating systems & Components / Operating system package or component
Vendor	openEuler

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU97613

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-45769

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

openEuler: 22.03 LTS SP4

pcp-pmda-mssql: before 5.3.7-7

pcp-pmda-bcc: before 5.3.7-7

pcp-help: before 5.3.7-7

python3-pcp: before 5.3.7-7

perl-PCP-PMDA: before 5.3.7-7

perl-PCP-MMV: before 5.3.7-7

perl-PCP-LogSummary: before 5.3.7-7

perl-PCP-LogImport: before 5.3.7-7

pcp-zeroconf: before 5.3.7-7

pcp-system-tools: before 5.3.7-7

pcp-selinux: before 5.3.7-7

pcp-pmda-zswap: before 5.3.7-7

pcp-pmda-zimbra: before 5.3.7-7

pcp-pmda-weblog: before 5.3.7-7

pcp-pmda-unbound: before 5.3.7-7

pcp-pmda-trace: before 5.3.7-7

pcp-pmda-systemd: before 5.3.7-7

pcp-pmda-summary: before 5.3.7-7

pcp-pmda-sockets: before 5.3.7-7

pcp-pmda-snmp: before 5.3.7-7

pcp-pmda-smart: before 5.3.7-7

pcp-pmda-slurm: before 5.3.7-7

pcp-pmda-shping: before 5.3.7-7

pcp-pmda-sendmail: before 5.3.7-7

pcp-pmda-samba: before 5.3.7-7

pcp-pmda-rsyslog: before 5.3.7-7

pcp-pmda-roomtemp: before 5.3.7-7

pcp-pmda-redis: before 5.3.7-7

pcp-pmda-rabbitmq: before 5.3.7-7

pcp-pmda-postgresql: before 5.3.7-7

pcp-pmda-postfix: before 5.3.7-7

pcp-pmda-podman: before 5.3.7-7

pcp-pmda-perfevent: before 5.3.7-7

pcp-pmda-pdns: before 5.3.7-7

pcp-pmda-oracle: before 5.3.7-7

pcp-pmda-openvswitch: before 5.3.7-7

pcp-pmda-openmetrics: before 5.3.7-7

pcp-pmda-nvidia-gpu: before 5.3.7-7

pcp-pmda-nutcracker: before 5.3.7-7

pcp-pmda-nginx: before 5.3.7-7

pcp-pmda-nfsclient: before 5.3.7-7

pcp-pmda-news: before 5.3.7-7

pcp-pmda-netfilter: before 5.3.7-7

pcp-pmda-netcheck: before 5.3.7-7

pcp-pmda-named: before 5.3.7-7

pcp-pmda-mysql: before 5.3.7-7

pcp-pmda-mounts: before 5.3.7-7

pcp-pmda-mongodb: before 5.3.7-7

pcp-pmda-mic: before 5.3.7-7

pcp-pmda-memcache: before 5.3.7-7

pcp-pmda-mailq: before 5.3.7-7

pcp-pmda-lustrecomm: before 5.3.7-7

pcp-pmda-lustre: before 5.3.7-7

pcp-pmda-logger: before 5.3.7-7

pcp-pmda-lmsensors: before 5.3.7-7

pcp-pmda-lio: before 5.3.7-7

pcp-pmda-libvirt: before 5.3.7-7

pcp-pmda-json: before 5.3.7-7

pcp-pmda-infiniband: before 5.3.7-7

pcp-pmda-haproxy: before 5.3.7-7

pcp-pmda-hacluster: before 5.3.7-7

pcp-pmda-gpsd: before 5.3.7-7

pcp-pmda-gpfs: before 5.3.7-7

pcp-pmda-gluster: before 5.3.7-7

pcp-pmda-gfs2: before 5.3.7-7

pcp-pmda-elasticsearch: before 5.3.7-7

pcp-pmda-ds389log: before 5.3.7-7

pcp-pmda-ds389: before 5.3.7-7

pcp-pmda-docker: before 5.3.7-7

pcp-pmda-dm: before 5.3.7-7

pcp-pmda-denki: before 5.3.7-7

pcp-pmda-dbping: before 5.3.7-7

pcp-pmda-cisco: before 5.3.7-7

pcp-pmda-cifs: before 5.3.7-7

pcp-pmda-bpftrace: before 5.3.7-7

pcp-pmda-bpf: before 5.3.7-7

pcp-pmda-bonding: before 5.3.7-7

pcp-pmda-bind2: before 5.3.7-7

pcp-pmda-bash: before 5.3.7-7

pcp-pmda-apache: before 5.3.7-7

pcp-pmda-activemq: before 5.3.7-7

pcp-import-sar2pcp: before 5.3.7-7

pcp-import-mrtg2pcp: before 5.3.7-7

pcp-import-iostat2pcp: before 5.3.7-7

pcp-import-ganglia2pcp: before 5.3.7-7

pcp-import-collectl2pcp: before 5.3.7-7

pcp-gui: before 5.3.7-7

pcp-export-zabbix-agent: before 5.3.7-7

pcp-export-pcp2zabbix: before 5.3.7-7

pcp-export-pcp2xml: before 5.3.7-7

pcp-export-pcp2spark: before 5.3.7-7

pcp-export-pcp2json: before 5.3.7-7

pcp-export-pcp2influxdb: before 5.3.7-7

pcp-export-pcp2graphite: before 5.3.7-7

pcp-export-pcp2elasticsearch: before 5.3.7-7

pcp-devel: before 5.3.7-7

pcp-debugsource: before 5.3.7-7

pcp-debuginfo: before 5.3.7-7

pcp-conf: before 5.3.7-7

pcp: before 5.3.7-7

CPE2.3

External links

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1294

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) UNIX symbolic link following

EUVDB-ID: #VU97612