vulnerability

Red Hat: CVE-2024-45770: pcp: pmpost symlink attack allows escalating pcp to root user (Multiple Advisories)

Severity
3
CVSS
(AV:L/AC:L/Au:S/C:P/I:P/A:N)
Published
2024-09-17
Added
2024-09-20
Modified
2024-11-13

Description

A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.

Solution(s)

redhat-upgrade-pcpredhat-upgrade-pcp-confredhat-upgrade-pcp-debuginforedhat-upgrade-pcp-debugsourceredhat-upgrade-pcp-develredhat-upgrade-pcp-devel-debuginforedhat-upgrade-pcp-docredhat-upgrade-pcp-export-pcp2elasticsearchredhat-upgrade-pcp-export-pcp2graphiteredhat-upgrade-pcp-export-pcp2influxdbredhat-upgrade-pcp-export-pcp2jsonredhat-upgrade-pcp-export-pcp2openmetricsredhat-upgrade-pcp-export-pcp2sparkredhat-upgrade-pcp-export-pcp2xmlredhat-upgrade-pcp-export-pcp2zabbixredhat-upgrade-pcp-export-zabbix-agentredhat-upgrade-pcp-export-zabbix-agent-debuginforedhat-upgrade-pcp-geolocateredhat-upgrade-pcp-guiredhat-upgrade-pcp-gui-debuginforedhat-upgrade-pcp-import-collectl2pcpredhat-upgrade-pcp-import-collectl2pcp-debuginforedhat-upgrade-pcp-import-ganglia2pcpredhat-upgrade-pcp-import-iostat2pcpredhat-upgrade-pcp-import-mrtg2pcpredhat-upgrade-pcp-import-sar2pcpredhat-upgrade-pcp-libsredhat-upgrade-pcp-libs-debuginforedhat-upgrade-pcp-libs-develredhat-upgrade-pcp-pmda-activemqredhat-upgrade-pcp-pmda-apacheredhat-upgrade-pcp-pmda-apache-debuginforedhat-upgrade-pcp-pmda-bashredhat-upgrade-pcp-pmda-bash-debuginforedhat-upgrade-pcp-pmda-bccredhat-upgrade-pcp-pmda-bind2redhat-upgrade-pcp-pmda-bondingredhat-upgrade-pcp-pmda-bpfredhat-upgrade-pcp-pmda-bpf-debuginforedhat-upgrade-pcp-pmda-bpftraceredhat-upgrade-pcp-pmda-cifsredhat-upgrade-pcp-pmda-cifs-debuginforedhat-upgrade-pcp-pmda-ciscoredhat-upgrade-pcp-pmda-cisco-debuginforedhat-upgrade-pcp-pmda-dbpingredhat-upgrade-pcp-pmda-denkiredhat-upgrade-pcp-pmda-denki-debuginforedhat-upgrade-pcp-pmda-dmredhat-upgrade-pcp-pmda-dm-debuginforedhat-upgrade-pcp-pmda-dockerredhat-upgrade-pcp-pmda-docker-debuginforedhat-upgrade-pcp-pmda-ds389redhat-upgrade-pcp-pmda-ds389logredhat-upgrade-pcp-pmda-elasticsearchredhat-upgrade-pcp-pmda-farmredhat-upgrade-pcp-pmda-farm-debuginforedhat-upgrade-pcp-pmda-gfs2redhat-upgrade-pcp-pmda-gfs2-debuginforedhat-upgrade-pcp-pmda-glusterredhat-upgrade-pcp-pmda-gpfsredhat-upgrade-pcp-pmda-gpsdredhat-upgrade-pcp-pmda-haclusterredhat-upgrade-pcp-pmda-hacluster-debuginforedhat-upgrade-pcp-pmda-haproxyredhat-upgrade-pcp-pmda-infinibandredhat-upgrade-pcp-pmda-infiniband-debuginforedhat-upgrade-pcp-pmda-jsonredhat-upgrade-pcp-pmda-libvirtredhat-upgrade-pcp-pmda-lioredhat-upgrade-pcp-pmda-lmsensorsredhat-upgrade-pcp-pmda-loggerredhat-upgrade-pcp-pmda-logger-debuginforedhat-upgrade-pcp-pmda-lustreredhat-upgrade-pcp-pmda-lustrecommredhat-upgrade-pcp-pmda-lustrecomm-debuginforedhat-upgrade-pcp-pmda-mailqredhat-upgrade-pcp-pmda-mailq-debuginforedhat-upgrade-pcp-pmda-memcacheredhat-upgrade-pcp-pmda-micredhat-upgrade-pcp-pmda-mongodbredhat-upgrade-pcp-pmda-mountsredhat-upgrade-pcp-pmda-mounts-debuginforedhat-upgrade-pcp-pmda-mssqlredhat-upgrade-pcp-pmda-mysqlredhat-upgrade-pcp-pmda-namedredhat-upgrade-pcp-pmda-netcheckredhat-upgrade-pcp-pmda-netfilterredhat-upgrade-pcp-pmda-newsredhat-upgrade-pcp-pmda-nfsclientredhat-upgrade-pcp-pmda-nginxredhat-upgrade-pcp-pmda-nvidia-gpuredhat-upgrade-pcp-pmda-nvidia-gpu-debuginforedhat-upgrade-pcp-pmda-openmetricsredhat-upgrade-pcp-pmda-openvswitchredhat-upgrade-pcp-pmda-oracleredhat-upgrade-pcp-pmda-pdnsredhat-upgrade-pcp-pmda-perfeventredhat-upgrade-pcp-pmda-perfevent-debuginforedhat-upgrade-pcp-pmda-podmanredhat-upgrade-pcp-pmda-podman-debuginforedhat-upgrade-pcp-pmda-postfixredhat-upgrade-pcp-pmda-postgresqlredhat-upgrade-pcp-pmda-rabbitmqredhat-upgrade-pcp-pmda-redisredhat-upgrade-pcp-pmda-resctrlredhat-upgrade-pcp-pmda-resctrl-debuginforedhat-upgrade-pcp-pmda-roomtempredhat-upgrade-pcp-pmda-roomtemp-debuginforedhat-upgrade-pcp-pmda-rsyslogredhat-upgrade-pcp-pmda-sambaredhat-upgrade-pcp-pmda-sendmailredhat-upgrade-pcp-pmda-sendmail-debuginforedhat-upgrade-pcp-pmda-shpingredhat-upgrade-pcp-pmda-shping-debuginforedhat-upgrade-pcp-pmda-slurmredhat-upgrade-pcp-pmda-smartredhat-upgrade-pcp-pmda-smart-debuginforedhat-upgrade-pcp-pmda-snmpredhat-upgrade-pcp-pmda-socketsredhat-upgrade-pcp-pmda-sockets-debuginforedhat-upgrade-pcp-pmda-statsdredhat-upgrade-pcp-pmda-statsd-debuginforedhat-upgrade-pcp-pmda-summaryredhat-upgrade-pcp-pmda-summary-debuginforedhat-upgrade-pcp-pmda-systemdredhat-upgrade-pcp-pmda-systemd-debuginforedhat-upgrade-pcp-pmda-traceredhat-upgrade-pcp-pmda-trace-debuginforedhat-upgrade-pcp-pmda-unboundredhat-upgrade-pcp-pmda-uwsgiredhat-upgrade-pcp-pmda-weblogredhat-upgrade-pcp-pmda-weblog-debuginforedhat-upgrade-pcp-pmda-zimbraredhat-upgrade-pcp-pmda-zimbra-debuginforedhat-upgrade-pcp-pmda-zswapredhat-upgrade-pcp-selinuxredhat-upgrade-pcp-system-toolsredhat-upgrade-pcp-system-tools-debuginforedhat-upgrade-pcp-testsuiteredhat-upgrade-pcp-testsuite-debuginforedhat-upgrade-pcp-zeroconfredhat-upgrade-perl-pcp-logimportredhat-upgrade-perl-pcp-logimport-debuginforedhat-upgrade-perl-pcp-logsummaryredhat-upgrade-perl-pcp-mmvredhat-upgrade-perl-pcp-mmv-debuginforedhat-upgrade-perl-pcp-pmdaredhat-upgrade-perl-pcp-pmda-debuginforedhat-upgrade-python3-pcpredhat-upgrade-python3-pcp-debuginfo
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.