#VU97612 UNIX symbolic link following in pcp


Vulnerability identifier: #VU97612

Vulnerability risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-45770

CWE-ID: CWE-61

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
pcp
Universal components / Libraries / Libraries used by multiple products

Vendor: Performance Co-Pilot

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue within the pmpost tool, which runs under certain circumstances with elevated privileges. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

pcp: 6.0.0 - 6.3.0

External links
http://access.redhat.com/security/cve/CVE-2024-45770
http://bugzilla.redhat.com/show_bug.cgi?id=2310451

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat Enterprise Linux 9 update for pcp
SUSE update for pcp
SUSE update for pcp
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.17
Multiple vulnerabilities in Oracle Linux
SUSE update for pcp
Multiple vulnerabilities in Red Hat OpenShift Container Platform 4.16
Red Hat Enterprise Linux 9 update for pcp
Red Hat Enterprise Linux 9 update for pcp
Red Hat Enterprise Linux 9 update for pcp