Description
The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/56656
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=875842
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html
Issue Tracking x_refsource_confirm
https://bugzilla.novell.com/show_bug.cgi?id=782967
Scores
EPSS
0.0014
EPSS Percentile
34.2%
Details
CWE
CWE-264
Status
published
Products (17)
sgi/performance_co-pilot
2.1.1
sgi/performance_co-pilot
2.1.2
sgi/performance_co-pilot
2.1.3
sgi/performance_co-pilot
2.1.4
sgi/performance_co-pilot
2.1.5
sgi/performance_co-pilot
2.1.6
sgi/performance_co-pilot
2.1.7
sgi/performance_co-pilot
2.1.8
sgi/performance_co-pilot
2.1.9
sgi/performance_co-pilot
2.1.10
... and 7 more
Published
Nov 29, 2012
Tracked Since
Feb 18, 2026