CVE-2012-5530

NameCVE-2012-5530
DescriptionThe (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: local)
Debian Bugs698735

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
pcp (PTS)jessie3.9.10fixed
sid3.12.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
pcpsource(unstable)3.7.1low698735
pcpsourcesqueeze3.3.3-squeeze3low

Notes

first package in unstable is 3.7.1 (package has no debian revision)
Search for package or bug name: Reporting problems