Nixpkgs Security Tracker

Dismissed

Permalink CVE-2024-45770

updated 1 year, 1 month ago by @LeSuisse Activity log

Created automatic suggestion 1 year, 1 month ago
@LeSuisse dismissed 1 year, 1 month ago

Pcp: pmpost symlink attack allows escalating pcp to root user

A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.

Affected products

pcp

Matching in nixpkgs

pkgs.pcp

Command line peer-to-peer data transfer tool based on libp2p

nixos-unstable 0.4.0
- nixpkgs-unstable 0.4.0
- nixos-unstable-small 0.4.0

pkgs.ncmpcpp

Featureful ncurses based MPD client inspired by ncmpc

nixos-unstable 0.10
- nixpkgs-unstable 0.10
- nixos-unstable-small 0.10

pkgs.libamqpcpp

Library for communicating with a RabbitMQ server

nixos-unstable 4.3.27
- nixpkgs-unstable 4.3.27
- nixos-unstable-small 4.3.27

pkgs.python311Packages.pcpp

C99 preprocessor written in pure Python

nixos-unstable 1.30
- nixpkgs-unstable 1.30
- nixos-unstable-small 1.30

pkgs.python312Packages.pcpp