Performance Co-Pilot (pcp): Unsafe use of Directories in /var/lib/pcp and /var/log/pcp breaks pcp Service User Isolation (CVE-2023-6917)

Performance Co-Pilot (pcp): Unsafe use of Directories in /var/lib/pcp and /var/log/pcp breaks pcp Service User Isolation (CVE-2023-6917)

Open Source Security [[{„value“:“

Posted by Matthias Gerstner on Feb 28

Hello list,

this report is about a local pcp to root user exploit in the PCP
performance analysis toolkit. You can also find a rendered HTML version
of this report on our blog [1].

1) Introduction
===============

Performance Co-Pilot (pcp) [2] is a performance analysis toolkit
that allows to gather and evaluate data on a local system and also share this
data over the network in a distributed manner.

During routine reviews we noticed issues in…
„}]] Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert