CVE-2012-3418

Name of the Vulnerable Software and Affected Versions Performance Co-Pilot (PCP) versions prior to 3.6.5 SUSE Linux Enterprise pcp package (affected versions not specified) Debian GNU/Linux pcp package (affected versions not specified)

Description The issue involves multiple vulnerabilities in the Performance Co-Pilot (PCP) package, which can lead to a denial of service and potentially allow the execution of arbitrary code. These vulnerabilities can be exploited remotely. The vulnerabilities are caused by various issues, including integer overflows, heap-based buffer overflows, and buffer over-reads, which can occur when processing certain input, such as PDUs with specific field values or crafted requests.

Recommendations For Performance Co-Pilot (PCP) versions prior to 3.6.5, update to version 3.6.5 or later to resolve the issue. For SUSE Linux Enterprise pcp package, update to a version that includes the fix for these vulnerabilities. For Debian GNU/Linux pcp package, update to a version that includes the fix for these vulnerabilities. As a temporary workaround, consider restricting access to the vulnerable package until a patch is available.