Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2012-3421

The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw."

Related bugs and status

CVE-2012-3421 (Candidate) is related to these bugs:

Bug #1700827: [MIR] pcp package

		In	Importance	Status
1700827	[MIR] pcp package	pcp (Ubuntu)	Medium	Invalid
1700827	[MIR] pcp package	pcp	Unknown	Fix Released
1700827	[MIR] pcp package	pcp (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2012081...
MISC: https://bugzilla.redha...
CONFIRM: http://oss.sgi.com/cgi...
CONFIRM: http://oss.sgi.com/cgi...
FEDORA: FEDORA-2012-12024
FEDORA: FEDORA-2012-12076
DEBIAN: DSA-2533
SUSE: openSUSE-SU-2012:1079
SUSE: openSUSE-SU-2012:1081
SUSE: openSUSE-SU-2012:1036
SUSE: SUSE-SU-2013:0190