
THREATINT
PUBLISHED

CVE-2024-45770

PCP: pmpost symlink attack allows escalating pcp to root user



Description

A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.

Reserved 2024-09-06 | Published 2024-09-19 | Updated 2024-11-24 | Assigner redhat


MEDIUM: 4.4 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Problem types

Improper Link Resolution Before File Access ('Link Following')

Product status

Default status
affected

0:5.3.7-22.el8_10 before *
unaffected

Default status
affected

0:5.0.2-9.el8_2 before *
unaffected

Default status
affected

0:5.2.5-8.el8_4 before *
unaffected

Default status
affected

0:5.2.5-8.el8_4 before *
unaffected

Default status
affected

0:5.2.5-8.el8_4 before *
unaffected

Default status
affected

0:5.3.5-10.el8_6 before *
unaffected

Default status
affected

0:5.3.5-10.el8_6 before *
unaffected

Default status
affected

0:5.3.5-10.el8_6 before *
unaffected

Default status
affected

0:5.3.7-19.el8_8 before *
unaffected

Default status
affected

0:6.2.0-5.el9_4 before *
unaffected

Default status
affected

0:6.2.2-7.el9_5 before *
unaffected

Default status
affected

0:5.3.5-10.el9_0 before *
unaffected

Default status
affected

0:6.0.1-8.el9_2 before *
unaffected

Default status
unknown

Default status
unknown

Timeline

2024-09-06: Reported to Red Hat.
2024-09-17: Made public.

References

access.redhat.com/errata/RHSA-2024:6837 (RHSA-2024:6837) vendor-advisory

access.redhat.com/errata/RHSA-2024:6840 (RHSA-2024:6840) vendor-advisory

access.redhat.com/errata/RHSA-2024:6842 (RHSA-2024:6842) vendor-advisory

access.redhat.com/errata/RHSA-2024:6843 (RHSA-2024:6843) vendor-advisory

access.redhat.com/errata/RHSA-2024:6844 (RHSA-2024:6844) vendor-advisory

access.redhat.com/errata/RHSA-2024:6846 (RHSA-2024:6846) vendor-advisory

access.redhat.com/errata/RHSA-2024:6847 (RHSA-2024:6847) vendor-advisory

access.redhat.com/errata/RHSA-2024:6848 (RHSA-2024:6848) vendor-advisory

access.redhat.com/errata/RHSA-2024:9452 (RHSA-2024:9452) vendor-advisory

access.redhat.com/security/cve/CVE-2024-45770 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2310451 (RHBZ#2310451) issue-tracking

cve.org (CVE-2024-45770)

nvd.nist.gov (CVE-2024-45770)
