Detections
Analytics

NewStart CGSL MAIN 6.06 : pcp Multiple Vulnerabilities (NS-SA-2025-0210)

high Nessus Plugin ID 266255

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version MAIN 6.06, has pcp packages installed that are affected by multiple vulnerabilities:

 - Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c. (CVE-2012-3420)

 - Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments. (CVE-2012-3419)

 - libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the
 __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status number value or (6) string number value to the __pmDecodeNameList function in p_pmns.c; (7) certain input to the
 __pmDecodeResult function in p_result.c; (8) the name length field (namelen) to the DecodeNameReq function in p_pmns.c; (9) a crafted PDU_FETCH request to the __pmDecodeFetch function in p_fetch.c; (10) the namelen field in the __pmDecodeInstanceReq function in p_instance.c; (11) the buflen field to the
 __pmDecodeText function in p_text.c; (12) PDU_INSTANCE packets to the __pmDecodeInstance in p_instance.c;
 or the (13) c_numpmid or (14) v_numval fields to the __pmDecodeLogControl function in p_lcontrol.c, which triggers integer overflows, heap-based buffer overflows, and/or buffer over-reads. (CVE-2012-3418)

 - The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an event-driven programming flaw. (CVE-2012-3421)

 - The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file. (CVE-2012-5530)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL pcp packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

https://security.gd-linux.com/notice/NS-SA-2025-0210

https://security.gd-linux.com/info/CVE-2012-3418

https://security.gd-linux.com/info/CVE-2012-3419

https://security.gd-linux.com/info/CVE-2012-3420

https://security.gd-linux.com/info/CVE-2012-3421

https://security.gd-linux.com/info/CVE-2012-5530

Plugin Details

Severity: High

ID: 266255

File Name: newstart_cgsl_NS-SA-2025-0210_pcp.nasl

Version: 1.1

Type: local

Published: 9/30/2025

Updated: 9/30/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2012-3419

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2012-3420

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_main:pcp-conf, p-cpe:/a:zte:cgsl_main:pcp-selinux, cpe:/o:zte:cgsl_main:6, p-cpe:/a:zte:cgsl_main:pcp, p-cpe:/a:zte:cgsl_main:pcp-system-tools, p-cpe:/a:zte:cgsl_main:pcp-libs, p-cpe:/a:zte:cgsl_main:python3-pcp

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/30/2025

Vulnerability Publication Date: 7/19/2012

Reference Information

CVE: CVE-2012-3418, CVE-2012-3419, CVE-2012-3420, CVE-2012-3421, CVE-2012-5530