CVE-2024-45770

Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Published: Sep 19, 2024 / Updated: 2mo ago

CVSS 4.4 / EPSS 0.04% / Medium

Summary

A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.

Impact

The vulnerability allows an attacker with access to a compromised PCP system account to potentially escalate privileges through the pmpost tool. This could lead to unauthorized access to sensitive information or system resources. The CVSS v3.1 base score is 4.4, indicating medium severity. The impact on confidentiality and integrity is low, with no impact on availability. The attack vector is local, so the attacker must already have access to the system.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

Based on the provided information, there is no specific mention of a patch being available.

Mitigation

While no specific mitigation steps are provided in the given data, general recommendations would include:

1. Limit access to PCP system accounts to only necessary personnel.
2. Monitor and audit the use of the pmpost tool.
3. Implement the principle of least privilege for all system accounts.
4. Keep the Performance Co-Pilot (PCP) software updated to the latest version, once a patch becomes available.
5. Implement strong authentication mechanisms for all system accounts.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Timeline

Vendor Advisory
Red Hat released a security advisory (RHSA-2024:6848).
Sep 19, 2024 at 8:00 AM

CVE Assignment
NVD published the first details for CVE-2024-45770.
Sep 19, 2024 at 9:15 AM

CVSS
A CVSS base score of 4.4 has been assigned.
Sep 19, 2024 at 9:15 AM / nvd

First Article
Feedly found the first article mentioning CVE-2024-45770.
Sep 19, 2024 at 9:18 AM / National Vulnerability Database

CVSS Estimate
Feedly estimated the CVSS score as HIGH.
Sep 19, 2024 at 9:18 AM

Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Nessus (207451).
Sep 19, 2024 at 7:16 PM

Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Nessus (207449).
Sep 19, 2024 at 7:16 PM

Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Nessus (207450).
Sep 19, 2024 at 7:16 PM

Detection in Vulnerability Scanners
Detection for the vulnerability has been added to Nessus (207445).
Sep 19, 2024 at 7:16 PM

Affected Systems

Sgi/performance_co-pilot

Patches

Oracle

Links to MITRE ATT&CK

T1547.009: Shortcut Modification

Attack Patterns

CAPEC-132: Symlink Attack

References

Analysis and review results of security vulnerabilities in the PCP performance monitoring suite: CVE-2024-45769 and CVE-2024-45770

A simple way to run such a reproducer is by using the `netcat` utility in this manner:

nc -U /run/pcp/pmcd.socket <reproducer-file

5) Findings
===========

Bugfixes for these issues are found in the recent 6.3.1 upstream release [3]. When running `pmcd` in Valgrind then the following output can be seen:

Conditional jump or move depends on uninitialised value(s)
   at 0x48B83A5: __pmDecodeCreds (p_creds.c:74)
   by 0x11BFFD: DoCreds (dopdus.c:1427)
   by 0x111F1C: HandleClientInput (pmcd.c:469)
   by 0x110A74: ClientLoop (pmcd.c:880)
   by 0x110A74: main (pmcd.c:1192)

Since the heap allocated buffer returned from `pmGetPDU()` is bigger than the actual payload (at least 1024 bytes), this only results in an undefined data error.

Performance Co-Pilot (PCP): pmcd network daemon security issues and review results (CVE-2024-45769), (CVE-2024-45770)

News

oracle_linux ELSA-2024-9452: pcp security update (MODERATE)
Last Updated: 11/20/2024. CVEs: CVE-2024-45769, CVE-2024-45770. Plugins: 211619

KRB5, Python, Libvirt, and more updates for AlmaLinux
The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-9452.html

SUSE SLES12 Security Update : pcp (SUSE-SU-2024:3976-1)
* Add version 3 PCP archive support: instance domain change-deltas, Y2038-safe timestamps, nanosecond-precision timestamps, arbitrary timezones support, 64-bit file offsets used throughout for larger (beyond 2GB) individual volumes.
* Disabled 'pmda-infiniband' subpackage for SUSE Linux Enterprise 12 to resolve build issues.

suse_linux SUSE-SU-2024:3976-1: SUSE SLES12 : Security update for pcp (Important) (SUSE-SU-2024:3976-1)
Development. Last Updated: 11/15/2024. CVEs: CVE-2024-45770, CVE-2024-45769, CVE-2023-6917, CVE-2024-3019

Red Hat Security Advisory 2024-9452-03
Red Hat Security Advisory 2024-9452-03 - An update for pcp is now available for Red Hat Enterprise Linux 9. Issues addressed include a heap corruption vulnerability.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability Impact: None
