PCP and NIX Vulnerabilities Allow Privilege Escalation

Two vulnerabilities have been disclosed in PCP (Performance Co-Pilot), a toolkit for collecting system performance statistics that is used, for example, by the Cockpit web interface. The first vulnerability (CVE-2024-45770) is in the pmpost utility, which writes messages to the log and under certain conditions runs with elevated privileges. Exploiting it allows an attacker to achieve code execution with root rights, but launching the attack requires access to the pcp account. The attack involves replacing the file "/var/log/pcp/notices" with a symbolic link, which the privileged process follows because it opens the file without the O_NOFOLLOW flag.
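The symlink problem above comes down to a privileged process opening a fixed log path without O_NOFOLLOW. The following C example is added here and is not PCP's own code: it contrasts a symlink-following open with a hardened one on a constructed scratch directory (the function names, the scratch path and the "notices" link are assumptions made for the demonstration).

```c
#define _DEFAULT_SOURCE  /* for mkdtemp and symlink on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened: open a log file for append, refusing to follow a symlink at the
 * final path component.  Returns fd >= 0, or -1 with errno set (ELOOP when
 * the path is a symlink).  Caveat: O_NOFOLLOW covers only the last component;
 * the parent directories must themselves not be writable by the attacker. */
int open_log_nofollow(const char *path) {
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0640);
    if (fd < 0) return -1;
    struct stat st;  /* also insist on a regular file, not a device or FIFO */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Weak: the same open without O_NOFOLLOW, so a symlink placed at path
 * redirects the privileged write to whatever file the link points at. */
int open_log_follow(const char *path) {
    return open(path, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0640);
}
/* Demo on a constructed scratch directory (assumed path): "notices" is a
 * symlink to a harmless target file.  Returns 1 when the hardened open
 * refuses the link with ELOOP while the weak open follows it, -1 on setup
 * failure. */
int demo_symlink_rejected(void) {
    char dir[] = "/tmp/pcpdemoXXXXXX";
    if (mkdtemp(dir) == NULL) return -1;
    char target[64], link[64];
    snprintf(target, sizeof target, "%s/target.txt", dir);
    snprintf(link, sizeof link, "%s/notices", dir);
    int t = open(target, O_WRONLY | O_CREAT, 0600);
    if (t < 0 || symlink(target, link) != 0) return -1;
    close(t);
    int hardened = open_log_nofollow(link);
    int saved_errno = errno;
    int weak = open_log_follow(link);
    int ok = (hardened < 0 && saved_errno == ELOOP && weak >= 0);
    if (weak >= 0) close(weak);
    unlink(link); unlink(target); rmdir(dir);
    return ok;
}
```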

The second vulnerability in PCP (CVE-2024-45769) affects the pmcd daemon and leads to memory corruption beyond the bounds of a buffer when specially crafted data is sent to it. The risk is reduced by pmcd's default configuration, which disables accepting network requests from other systems. Both vulnerabilities are fixed in the PCP 6.3.1 release. The issues were identified during an audit conducted by developers from the SUSE project.

Furthermore, a vulnerability (CVE-2024-45593) has been discovered in the Nix package manager, used in the NixOS distribution. This vulnerability allows the unpacking of specially crafted files in the NAR format (nix
