PT-2020-2768 · Performance Co Pilot+3 · Pcp+3
Johannes Segitz · Published 2019-10-14 · Updated 2024-06-15
CVE-2019-3696
CVSS v3.1: 8.4 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
pcp versions prior to 3.11.9-5.8.1
pcp versions prior to 4.3.1-3.5.3
pcp versions prior to 3.11.9-6.14.1
pcp versions prior to 4.3.1-lp151.2.3.1
Description
An Improper Limitation of a Pathname to a Restricted Directory (path traversal) vulnerability in the packaging of pcp allows a local user to overwrite arbitrary files with arbitrary content. The vulnerability can be exploited to execute arbitrary code.
Recommendations
For pcp versions prior to 3.11.9-5.8.1, update to version 3.11.9-5.8.1 or later.
For pcp versions prior to 4.3.1-3.5.3, update to version 4.3.1-3.5.3 or later.
For pcp versions prior to 3.11.9-6.14.1, update to version 3.11.9-6.14.1 or later.
For pcp versions prior to 4.3.1-lp151.2.3.1, update to version 4.3.1-lp151.2.3.1 or later.
Exploit
Fix
Path traversal
Affected Products
Centos
Red Hat
Suse
Pcp