Vulnerability CVE-2012-5530

Vulnerability Name:

CVE-2012-5530 (CCN-80322)

Assigned:

2012-11-20

Published:

2012-11-20

Updated:

2013-02-26

Summary:

The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.

CVSS v3 Severity:

5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
1.8 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

3.3 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P)
2.9 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-264

Vulnerability Consequences:

File Manipulation

References:

Source: MITRE
Type: CNA
CVE-2012-5530

Source: SUSE
Type: UNKNOWN
SUSE-SU-2013:0190

Source: CCN
Type: SA51932
Performance Co-Pilot Two Insecure Temporary Files Security Issues

Source: BID
Type: UNKNOWN
56656

Source: CCN
Type: BID-56656
Performance Co-Pilot CVE-2012-5530 Multiple Insecure Temporary File Creation Vulnerabilities

Source: CCN
Type: SGI Web site
Performance Co-Pilot

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.novell.com/show_bug.cgi?id=782967

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=875842

Source: CCN
Type: Red Hat Bugzilla Bug 877984
CVE-2012-5530 pcp: Insecure temporary file use flaws [epel-all]

Source: XF
Type: UNKNOWN
pcp-unspec-symlink(80322)

Vulnerable Configuration:

Configuration 1:

cpe:/a:sgi:performance_co-pilot:2.1.1:*:*:*:*:*:*:*

OR cpe:/a:sgi:performance_co-pilot:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:sgi:performance_co-pilot:2.1.3:*:*:*:*:*:*:*

OR cpe:/a:sgi:performance_co-pilot:2.1.4:*:*:*:*:*:*:*

OR cpe:/a:sgi:performance_co-pilot:2.1.5:*:*:*:*:*:*:*

OR cpe:/a:sgi:performance_co-pilot:2.1.6:*:*:*:*:*:*:*

OR cpe:/a:sgi:performance_co-pilot:2.1.7:*:*:*:*:*:*:*

OR cpe:/a:sgi:performance_co-pilot:2.1.8:*:*:*:*:*:*:*

OR cpe:/a:sgi:performance_co-pilot:2.1.9:*:*:*:*:*:*:*

OR cpe:/a:sgi:performance_co-pilot:2.1.10:*:*:*:*:*:*:*

OR cpe:/a:sgi:performance_co-pilot:2.1.11:*:*:*:*:*:*:*

OR cpe:/a:sgi:performance_co-pilot:2.2:*:*:*:*:*:*:*

OR cpe:/a:sgi:performance_co-pilot:3.6.4:*:*:*:*:*:*:*

OR cpe:/a:sgi:performance_co-pilot:3.6.5:*:*:*:*:*:*:*

OR cpe:/a:sgi:performance_co-pilot:3.6.6:*:*:*:*:*:*:*

OR cpe:/a:sgi:performance_co-pilot:3.6.8:*:*:*:*:*:*:*

OR cpe:/a:sgi:performance_co-pilot:*:*:*:*:*:*:*:* (Version <= 3.6.9)

Configuration CCN 1:

cpe:/a:sgi:performance_co-pilot:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20125530	V	CVE-2012-5530	2022-09-02
oval:org.opensuse.security:def:1302	P	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP3) (Important)	2022-04-14
oval:org.opensuse.security:def:850	P	Security update for mozilla-nss (Important)	2022-04-11
oval:org.opensuse.security:def:112759	P	libpcp-devel-3.10.4-1.23 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:10445	P	Security update for busybox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:26225	P	Security update for libsndfile (Important)	2022-01-05
oval:org.opensuse.security:def:9636	P	Security update for p11-kit (Important)	2021-12-22
oval:org.opensuse.security:def:10382	P	Security update for postgresql10 (Important)	2021-12-14
oval:org.opensuse.security:def:10377	P	Security update for xen (Moderate)	2021-12-09
oval:org.opensuse.security:def:10184	P	Security update for mariadb (Moderate)	2021-12-06
oval:org.opensuse.security:def:10668	P	Security update for the Linux Kernel (Important)	2021-12-06
oval:org.opensuse.security:def:9623	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:9820	P	Security update for the Linux Kernel (Important)	2021-12-02
oval:org.opensuse.security:def:10369	P	Security update for python-Pygments (Important)	2021-12-01
oval:org.opensuse.security:def:10360	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:9804	P	Security update for busybox (Important)	2021-10-27
oval:org.opensuse.security:def:9413	P	Security update for busybox (Important)	2021-10-27
oval:org.opensuse.security:def:9798	P	Security update for glibc (Moderate)	2021-10-12
oval:org.opensuse.security:def:9594	P	Security update for webkit2gtk3 (Important)	2021-10-04
oval:org.opensuse.security:def:106231	P	libpcp-devel-3.10.4-1.23 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:9779	P	Security update for openssl-1_1 (Important)	2021-08-24
oval:org.opensuse.security:def:9384	P	Security update for php7 (Important)	2021-08-20
oval:org.opensuse.security:def:10137	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:9569	P	Security update for nodejs8 (Important)	2021-08-20
oval:org.opensuse.security:def:9577	P	Security update for spice-vdagent (Moderate)	2021-08-20
oval:org.opensuse.security:def:10318	P	Security update for go1.15 (Moderate)	2021-08-20
oval:org.opensuse.security:def:10133	P	Security update for postgresql10 (Moderate)	2021-08-19
oval:org.opensuse.security:def:47700	P	libdcerpc-binding0-32bit-4.6.16+git.124.aee309c5c18-3.32.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48286	P	python-pyOpenSSL-16.0.0-4.17.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47372	P	liblua5_2-32bit-5.2.4-6.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47832	P	ntp-4.2.8p12-64.8.2 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47386	P	libopenssl-devel-1.0.2j-59.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47924	P	xinetd-2.3.15-8.8.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47371	P	libltdl7-2.4.2-16.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47507	P	sudo-1.8.20p2-1.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:48072	P	libXRes1-1.0.7-3.53 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:10690	P	Security update for the Linux Kernel (Important)	2021-08-14
oval:org.opensuse.security:def:26097	P	Security update for lasso (Important)	2021-08-02
oval:org.opensuse.security:def:9367	P	Security update for qemu (Important)	2021-07-23
oval:org.opensuse.security:def:9555	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:1770	P	Security update for the Linux Kernel (Important)	2021-07-15
oval:org.opensuse.security:def:10296	P	Security update for go1.15 (Important)	2021-06-30
oval:org.opensuse.security:def:10111	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:10293	P	Security update for openexr (Important)	2021-06-24
oval:org.opensuse.security:def:9345	P	Security update for ucode-intel (Important)	2021-06-10
oval:org.opensuse.security:def:10098	P	Security update for MozillaFirefox (Important)	2021-06-09
oval:org.opensuse.security:def:11350	P	libXxf86vm1-1.1.3-3.54 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48599	P	perl-XML-LibXML-2.0019-5.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48497	P	libgoa-1_0-0-3.20.4-7.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36472	P	libpcp3-3.6.10-0.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:124561	P	libpcp-devel-3.11.9-6.7.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16284	P	libpcp-devel-3.6.10-4.124 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48370	P	apache2-mod_nss-1.0.14-18.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:72578	P	libpcp-devel-3.11.9-3.116 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15645	P	libpcp3-3.6.10-4.124 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16555	P	libpcp-devel-3.11.9-6.7.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:62859	P	libpcp-devel-3.11.9-3.116 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:15830	P	libpcp-devel-3.6.10-4.124 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11328	P	kernel-default-3.12.28-4.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48528	P	libnghttp2-14-1.7.1-1.84 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48432	P	gnome-shell-3.20.4-70.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:16040	P	libpcp-devel-3.6.10-4.124 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:9337	P	Security update for libwebp (Critical)	2021-06-04
oval:org.opensuse.security:def:10091	P	Security update for libwebp (Critical)	2021-06-04
oval:org.opensuse.security:def:10089	P	Security update for djvulibre (Important)	2021-06-04
oval:org.opensuse.security:def:10677	P	Security update for MozillaThunderbird (Moderate)	2021-06-04
oval:org.opensuse.security:def:10069	P	Security update for cifs-utils (Important)	2021-04-30
oval:org.opensuse.security:def:9494	P	Security update for MozillaFirefox (Important)	2021-04-29
oval:org.opensuse.security:def:9309	P	Security update for sudo (Important)	2021-04-20
oval:org.opensuse.security:def:26033	P	Security update for ImageMagick (Moderate)	2021-04-20
oval:org.opensuse.security:def:10061	P	Security update for qemu (Important)	2021-04-16
oval:org.opensuse.security:def:9685	P	Security update for umoci (Important)	2021-04-09
oval:org.opensuse.security:def:9475	P	Security update for tomcat (Important)	2021-03-30
oval:org.opensuse.security:def:9670	P	Security update for gnutls (Important)	2021-03-24
oval:org.opensuse.security:def:9473	P	Security update for gnutls (Important)	2021-03-24
oval:org.opensuse.security:def:9868	P	Security update for ruby2.5 (Important)	2021-03-24
oval:org.opensuse.security:def:9866	P	Security update for glib2 (Important)	2021-03-19
oval:org.opensuse.security:def:10218	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:9658	P	Security update for postgresql12 (Moderate)	2021-03-03
oval:org.opensuse.security:def:9460	P	Security update for bind (Important)	2021-03-02
oval:org.opensuse.security:def:9855	P	Security update for bind (Important)	2021-03-02
oval:org.opensuse.security:def:9846	P	Security update for salt (Critical)	2021-02-26
oval:org.opensuse.security:def:10399	P	Security update for python-Jinja2 (Important)	2021-02-26
oval:org.opensuse.security:def:9451	P	Security update for php7 (Important)	2021-02-24
oval:org.opensuse.security:def:9645	P	Security update for webkit2gtk3 (Important)	2021-02-24
oval:org.opensuse.security:def:10199	P	Security update for openvswitch (Important)	2021-02-11
oval:org.opensuse.security:def:9409	P	Security update for python-urllib3 (Moderate)	2021-02-08
oval:org.opensuse.security:def:9790	P	Security update for openvswitch (Important)	2021-02-03
oval:org.opensuse.security:def:9547	P	Security update for go1.14 (Moderate)	2021-01-26
oval:org.opensuse.security:def:9704	P	Security update for ImageMagick (Moderate)	2021-01-18
oval:org.opensuse.security:def:9275	P	Security update for openssl-1_1 (Important)	2020-12-09
oval:org.opensuse.security:def:11020	P	Security update for rclone (Moderate)	2020-12-05
oval:org.opensuse.security:def:16864	P	libpcp-devel-3.11.9-6.7.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4028	P	libpcp-devel-3.11.9-6.7.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:26022	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:10492	P	libevent-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10626	P	apache2-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26598	P	libpulse-browse0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26797	P	pam_krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9182	P	libxml2-2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26739	P	libapr1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10528	P	libpcp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10749	P	libjavascriptcoregtk-1_0-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10022	P	xorg-x11-libs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10507	P	libimobiledevice-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49743	P	libpcp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49689	P	libpotrace0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26306	P	Security update for python-Jinja2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26651	P	xen on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27435	P	libblkid-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9228	P	ppp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26753	P	libmysqlclient15-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10771	P	libpcp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9913	P	libraptor2-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10047	P	cyrus-sasl-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26021	P	Security update for libreoffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:10526	P	libotr-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26363	P	Security update for libgit2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26700	P	freetype2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27470	P	libpcp3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9928	P	libtiff5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:11042	P	libpcp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9152	P	libsnmp30-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10601	P	sudo-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26447	P	Security update for pdns (Important)	2020-12-01
oval:org.opensuse.security:def:9160	P	libsystemd0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9290	P	xf86-video-intel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10506	P	libidn-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:9947	P	mutt on GA media (Moderate)	2020-12-01
oval:com.ubuntu.precise:def:20125530000	V	CVE-2012-5530 on Ubuntu 12.04 LTS (precise) - medium.	2012-11-29
oval:com.ubuntu.xenial:def:201255300000000	V	CVE-2012-5530 on Ubuntu 16.04 LTS (xenial) - medium.	2012-11-29
oval:com.ubuntu.trusty:def:20125530000	V	CVE-2012-5530 on Ubuntu 14.04 LTS (trusty) - medium.	2012-11-29
oval:com.ubuntu.xenial:def:20125530000	V	CVE-2012-5530 on Ubuntu 16.04 LTS (xenial) - medium.	2012-11-29

BACK