Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.NEWSTART_CGSL_NS-SA-2020-0032_PCP.NASL
HistoryJul 21, 2020 - 12:00 a.m.

NewStart CGSL MAIN 6.01 : pcp Multiple Vulnerabilities (NS-SA-2020-0032)

2020-07-2100:00:00
This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.099 Low

EPSS

Percentile

94.9%

JSON

The remote NewStart CGSL host, running version MAIN 6.01, has pcp packages installed that are affected by multiple vulnerabilities:

  • libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c;
    (2) the string byte number value to the
    __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the
    __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the __pmDecodeText function in p_text.c;
    (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c; or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap- based buffer overflows, and/or buffer over-reads.
    (CVE-2012-3418)

  • Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments. (CVE-2012-3419)

  • Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c. (CVE-2012-3420)

  • The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an event-driven programming flaw. (CVE-2012-3421)

  • The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file. (CVE-2012-5530)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2020-0032. The text
# itself is copyright (C) ZTE, Inc.

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(138771);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id(
    "CVE-2012-3418",
    "CVE-2012-3419",
    "CVE-2012-3420",
    "CVE-2012-3421",
    "CVE-2012-5530"
  );
  script_bugtraq_id(55041, 56656);

  script_name(english:"NewStart CGSL MAIN 6.01 : pcp Multiple Vulnerabilities (NS-SA-2020-0032)");

  script_set_attribute(attribute:"synopsis", value:
"The remote machine is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version MAIN 6.01, has pcp packages installed that are affected by multiple
vulnerabilities:

  - libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows
    remote attackers to cause a denial of service and
    possibly execute arbitrary code via (1) a PDU with the
    numcreds field value greater than the number of actual
    elements to the __pmDecodeCreds function in p_creds.c;
    (2) the string byte number value to the
    __pmDecodeNameList function in p_pmns.c; (3) the numids
    value to the __pmDecodeIDList function in p_pmns.c; (4)
    unspecified vectors to the __pmDecodeProfile function in
    p_profile.c; the (5) status number value or (6) string
    number value to the __pmDecodeNameList function in
    p_pmns.c; (7) certain input to the __pmDecodeResult
    function in p_result.c; (8) the name length field
    (namelen) to the DecodeNameReq function in p_pmns.c; (9)
    a crafted PDU_FETCH request to the __pmDecodeFetch
    function in p_fetch.c; (10) the namelen field in the
    __pmDecodeInstanceReq function in p_instance.c; (11) the
    buflen field to the __pmDecodeText function in p_text.c;
    (12) PDU_INSTANCE packets to the __pmDecodeInstance in
    p_instance.c; or the (13) c_numpmid or (14) v_numval
    fields to the __pmDecodeLogControl function in
    p_lcontrol.c, which triggers integer overflows, heap-
    based buffer overflows, and/or buffer over-reads.
    (CVE-2012-3418)

  - Performance Co-Pilot (PCP) before 3.6.5 exports some of
    the /proc file system, which allows attackers to obtain
    sensitive information such as proc/pid/maps and command
    line arguments. (CVE-2012-3419)

  - Multiple memory leaks in Performance Co-Pilot (PCP)
    before 3.6.5 allow remote attackers to cause a denial of
    service (memory consumption or daemon crash) via a large
    number of PDUs with (1) a crafted context number to the
    DoFetch function in pmcd/src/dofetch.c or (2) a negative
    type value to the __pmGetPDU function in
    libpcp/src/pdu.c. (CVE-2012-3420)

  - The pduread function in pdu.c in libpcp in Performance
    Co-Pilot (PCP) before 3.6.5 does not properly time out
    connections, which allows remote attackers to cause a
    denial of service (pmcd hang) by sending individual
    bytes of a PDU separately, related to an event-driven
    programming flaw. (CVE-2012-3421)

  - The (1) pcmd and (2) pmlogger init scripts in
    Performance Co-Pilot (PCP) before 3.6.10 allow local
    users to overwrite arbitrary files via a symlink attack
    on a /var/tmp/##### temporary file. (CVE-2012-5530)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2020-0032");
  script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL pcp packages. Note that updated packages may not be available yet. Please contact ZTE for
more information.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-3419");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/08/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/07/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"NewStart CGSL Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/ZTE-CGSL/release");
if (isnull(release) || release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, "NewStart Carrier Grade Server Linux");

if (release !~ "CGSL MAIN 6.01")
  audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.01');

if (!get_kb_item("Host/ZTE-CGSL/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "NewStart Carrier Grade Server Linux", cpu);

flag = 0;

pkgs = {
  "CGSL MAIN 6.01": [
    "pcp-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-conf-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-debugsource-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-devel-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-devel-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-doc-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-export-pcp2elasticsearch-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-export-pcp2graphite-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-export-pcp2influxdb-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-export-pcp2json-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-export-pcp2spark-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-export-pcp2xml-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-export-pcp2zabbix-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-export-zabbix-agent-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-export-zabbix-agent-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-gui-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-gui-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-import-collectl2pcp-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-import-collectl2pcp-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-import-ganglia2pcp-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-import-iostat2pcp-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-import-mrtg2pcp-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-import-sar2pcp-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-libs-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-libs-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-libs-devel-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-manager-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-manager-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-activemq-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-apache-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-apache-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-bash-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-bash-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-bcc-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-bind2-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-bonding-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-cifs-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-cifs-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-cisco-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-cisco-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-dbping-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-dm-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-dm-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-docker-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-docker-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-ds389-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-ds389log-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-elasticsearch-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-gfs2-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-gfs2-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-gluster-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-gpfs-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-gpsd-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-haproxy-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-infiniband-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-infiniband-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-json-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-libvirt-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-lio-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-lmsensors-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-logger-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-logger-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-lustre-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-lustrecomm-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-lustrecomm-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-mailq-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-mailq-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-memcache-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-mic-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-mounts-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-mounts-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-mysql-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-named-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-netfilter-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-news-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-nfsclient-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-nginx-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-nvidia-gpu-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-nvidia-gpu-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-oracle-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-pdns-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-perfevent-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-perfevent-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-podman-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-podman-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-postfix-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-postgresql-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-prometheus-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-redis-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-roomtemp-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-roomtemp-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-rpm-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-rpm-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-rsyslog-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-samba-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-sendmail-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-sendmail-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-shping-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-shping-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-slurm-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-smart-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-smart-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-snmp-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-summary-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-summary-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-systemd-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-systemd-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-trace-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-trace-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-unbound-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-vmware-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-weblog-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-weblog-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-zimbra-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-pmda-zswap-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-selinux-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-system-tools-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-system-tools-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-testsuite-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-testsuite-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-webapi-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-webapi-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-webapp-blinkenlights-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-webapp-grafana-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-webapp-graphite-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-webapp-vector-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-webjs-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "pcp-zeroconf-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "perl-PCP-LogImport-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "perl-PCP-LogImport-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "perl-PCP-LogSummary-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "perl-PCP-MMV-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "perl-PCP-MMV-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "perl-PCP-PMDA-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "perl-PCP-PMDA-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "python3-pcp-4.3.2-2.el8.cgslv6.0.2.g30e4cb1",
    "python3-pcp-debuginfo-4.3.2-2.el8.cgslv6.0.2.g30e4cb1"
  ]
};
pkg_list = pkgs[release];

foreach (pkg in pkg_list)
  if (rpm_check(release:"ZTE " + release, reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pcp");
}

Related

nessus 12
openvas 15
suse 1
fedora 8
debian 1
securityvulns 2
osv 1
nvd 5
cve 5
debiancve 5
prion 5
ubuntucve 5
cvelist 5
nessus
nessus
SuSE 10 Security Update : pcp (ZYPP Patch Number 8421)
2013-01-24 00:00:00
SuSE 11.2 Security Update : pcp (SAT Patch Number 7221)
2013-01-25 00:00:00
openSUSE Security Update : pcp (openSUSE-SU-2012:1036-1)
2014-06-13 00:00:00
openvas
openvas
Fedora Update for pcp FEDORA-2012-18686
2012-11-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:0190-1)
2021-06-09 00:00:00
Fedora Update for pcp FEDORA-2012-18686
2012-11-23 00:00:00
suse
suse
Security update for pcp (important)
2013-01-23 20:04:43
fedora
fedora
[SECURITY] Fedora 17 Update: pcp-3.6.5-1.fc17
2012-08-20 10:57:30
[SECURITY] Fedora 18 Update: pcp-3.6.5-1.fc18
2012-09-18 00:01:23
[SECURITY] Fedora 16 Update: pcp-3.6.5-1.fc16
2012-08-20 10:55:01
debian
debian
[SECURITY] [DSA 2533-1] pcp security update
2012-08-23 19:39:13
securityvulns
securityvulns
[SECURITY] [DSA 2533-1] pcp security update
2012-09-03 00:00:00
pcp multiple security vulnerabilities
2012-09-03 00:00:00
osv
osv
pcp - several
2012-08-23 00:00:00
nvd
nvd
CVE-2012-5530
2012-11-29 13:14:37
CVE-2012-3419
2012-08-27 23:55:02
CVE-2012-3418
2012-08-27 23:55:02
cve
cve
CVE-2012-5530
2012-11-29 13:14:37
CVE-2012-3419
2012-08-27 23:55:02
CVE-2012-3420
2012-08-27 23:55:02
debiancve
debiancve
CVE-2012-5530
2012-11-29 13:14:37
CVE-2012-3418
2012-08-27 23:55:02
CVE-2012-3419
2012-08-27 23:55:02
prion
prion
Arbitrary file deletion
2012-11-29 13:14:00
Code injection
2012-08-27 23:55:00
Command injection
2012-08-27 23:55:00
ubuntucve
ubuntucve
CVE-2012-5530
2012-11-29 00:00:00
CVE-2012-3419
2012-08-27 00:00:00
CVE-2012-3418
2012-08-27 00:00:00
cvelist
cvelist
CVE-2012-5530
2012-11-29 11:00:00
CVE-2012-3419
2012-08-27 23:00:00
CVE-2012-3420
2012-08-27 23:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.099 Low

EPSS

Percentile

94.9%

JSON
Related for NEWSTART_CGSL_NS-SA-2020-0032_PCP.NASL
nessus12openvas15suse1fedora8debian1securityvulns2osv1nvd5cve5debiancve5prion5ubuntucve5cvelist5