{"schema_version":"1.7.2","id":"OESA-2024-1435","modified":"2024-04-12T11:07:42Z","published":"2024-04-12T11:07:42Z","upstream":["CVE-2024-3019"],"summary":"pcp security update","details":"PCP provides a range of services that may be used to monitor and manage system performance. These services are distributed and scalable to accommodate the most complex system configurations and performance problems.\r\n\r\nSecurity Fix(es):\r\n\r\nA flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer. (CVE-2024-3019)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP3","name":"pcp","purl":"pkg:rpm/openEuler/pcp\u0026distro=openEuler-22.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.3.7-4.oe2203sp3"}]}],"ecosystem_specific":{"aarch64":["pcp-pmda-bash-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-trace-5.3.7-4.oe2203sp3.aarch64.rpm","python3-pcp-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-export-pcp2elasticsearch-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-named-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-ds389-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-nutcracker-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-openmetrics-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-elasticsearch-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-gfs2-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-openvswitch-5.3.7-4.oe2203sp3.aarch64.rpm","perl-PCP-PMDA-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-export-zabbix-agent-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-news-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-import-collectl2pcp-5.3.7-4.oe2203sp3.aarch64.rpm","pcp
-pmda-gpsd-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-import-iostat2pcp-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-dm-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-lustre-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-zeroconf-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-weblog-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-debugsource-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-denki-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-systemd-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-haproxy-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-hacluster-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-lmsensors-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-export-pcp2influxdb-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-export-pcp2zabbix-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-zimbra-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-rabbitmq-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-export-pcp2graphite-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-gpfs-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-devel-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-roomtemp-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-postgresql-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-snmp-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-mongodb-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-slurm-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-apache-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-import-ganglia2pcp-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-libvirt-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-gui-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-redis-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-memcache-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-conf-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-activemq-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-lio-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-export-pcp2spark-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-json-5.3.7-4.oe2203sp3.aarch64.rpm","perl-PCP-LogImport-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-sendmail-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-nginx-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-import-mrtg2pcp-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-debuginfo-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-selinux-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-shpi
ng-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-smart-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-ds389log-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-mailq-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-bpftrace-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-postfix-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-lustrecomm-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-rsyslog-5.3.7-4.oe2203sp3.aarch64.rpm","perl-PCP-MMV-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-netcheck-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-export-pcp2xml-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-mounts-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-gluster-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-unbound-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-pdns-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-podman-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-zswap-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-infiniband-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-nvidia-gpu-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-mysql-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-import-sar2pcp-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-samba-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-summary-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-bonding-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-logger-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-sockets-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-perfevent-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-mic-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-docker-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-dbping-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-netfilter-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-cifs-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-cisco-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-system-tools-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-bind2-5.3.7-4.oe2203sp3.aarch64.rpm","perl-PCP-LogSummary-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-oracle-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-export-pcp2json-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-bpf-5.3.7-4.oe2203sp3.aarch64.rpm","pcp-pmda-nfsclient-5.3.7-4.oe2203sp3.aarch64.rpm"],"noarch":["pcp-help-5.3.7-4.oe2203sp3.noarch.rpm"],"src":["pcp-5
.3.7-4.oe2203sp3.src.rpm"],"x86_64":["pcp-export-pcp2influxdb-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-nvidia-gpu-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-summary-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-nfsclient-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-ds389log-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-5.3.7-4.oe2203sp3.x86_64.rpm","python3-pcp-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-gluster-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-perfevent-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-devel-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-dm-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-bind2-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-rsyslog-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-import-collectl2pcp-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-import-iostat2pcp-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-export-pcp2json-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-mysql-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-system-tools-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-haproxy-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-ds389-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-slurm-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-postgresql-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-export-pcp2zabbix-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-netcheck-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-systemd-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-docker-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-nutcracker-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-activemq-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-pdns-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-export-pcp2graphite-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-news-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-unbound-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-rabbitmq-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-conf-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-zeroconf-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-bpftrace-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-elasticsearch-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-netfilter-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-snmp-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-zimbra-5.3.7-4.oe2203sp3.x86_64.rpm","perl-PCP-MMV-5.3.7-4.oe2203sp3.x86_64.rpm",
"pcp-gui-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-debuginfo-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-mailq-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-import-ganglia2pcp-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-redis-5.3.7-4.oe2203sp3.x86_64.rpm","perl-PCP-LogSummary-5.3.7-4.oe2203sp3.x86_64.rpm","perl-PCP-LogImport-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-apache-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-export-pcp2elasticsearch-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-oracle-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-lio-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-mic-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-lustrecomm-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-openvswitch-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-memcache-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-nginx-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-lustre-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-roomtemp-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-sendmail-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-named-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-zswap-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-gfs2-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-postfix-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-mongodb-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-dbping-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-json-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-mounts-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-infiniband-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-lmsensors-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-weblog-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-trace-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-debugsource-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-smart-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-import-mrtg2pcp-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-logger-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-export-zabbix-agent-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-bash-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-cifs-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-podman-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-import-sar2pcp-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-gpfs-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-denki-5.3.7-4.oe2203sp3.x86_64
.rpm","pcp-pmda-openmetrics-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-samba-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-mssql-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-bcc-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-libvirt-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-selinux-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-bpf-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-cisco-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-sockets-5.3.7-4.oe2203sp3.x86_64.rpm","perl-PCP-PMDA-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-gpsd-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-export-pcp2spark-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-shping-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-bonding-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-pmda-hacluster-5.3.7-4.oe2203sp3.x86_64.rpm","pcp-export-pcp2xml-5.3.7-4.oe2203sp3.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1435"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-3019"}],"database_specific":{"severity":"High"}}