CVE-2012-3421

Name of the Vulnerable Software and Affected Versions libpcp versions prior to 3.6.5 pcp-import-iostat2pcp (affected versions not specified) pcp-import-sar2pcp (affected versions not specified) pcp-devel (affected versions not specified) pcp-import-mrtg2pcp (affected versions not specified) pcp (affected versions not specified) permissions (affected versions not specified) pcp-import-sheet2pcp (affected versions not specified)

Description The issue concerns multiple vulnerabilities in various packages of the SUSE Linux Enterprise and Debian GNU/Linux operating systems, which can lead to a disruption of protected information availability. These vulnerabilities can be exploited remotely. The pduread function in pdu.c in libpcp does not properly time out connections, allowing remote attackers to cause a denial of service by sending individual bytes of a PDU separately.

Recommendations For libpcp versions prior to 3.6.5, update to version 3.6.5 or later to resolve the issue. For pcp-import-iostat2pcp, consider disabling the package until a patch is available. For pcp-import-sar2pcp, restrict access to the package to minimize the risk of exploitation. For pcp-devel, avoid using the package until the issue is resolved. For pcp-import-mrtg2pcp, consider disabling the package until a patch is available. For pcp, restrict access to the package to minimize the risk of exploitation. For permissions, consider disabling the package until a patch is available. For pcp-import-sheet2pcp, consider disabling the package until a patch is available. At the moment, there is no information about a newer version that contains a fix for these vulnerabilities, except for libpcp.