CVE-2024-45770

一、漏洞信息
 漏洞编号：[CVE-2024-45770](https://nvd.nist.gov/vuln/detail/CVE-2024-45770)
 漏洞归属组件：[pcp](https://gitee.com/src-openeuler/pcp)
 漏洞归属的版本：4.1.3,5.3.5,5.3.7,6.2.2,6.3.2,6.3.4,6.3.6
 CVSS V3.0分值：
  BaseScore：4.4 Medium
  Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
 漏洞简述：
  A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.
 漏洞公开时间：2024-09-19 17:15:02
 漏洞创建时间：2024-09-19 17:29:44
 漏洞详情参考链接：
  https://nvd.nist.gov/vuln/detail/CVE-2024-45770
<details>
<summary>更多参考(点击展开)</summary>

| 参考来源 | 参考链接 | 来源链接 |
| ------- | -------- | -------- |
| secalert.redhat.com | https://access.redhat.com/errata/RHSA-2024:6837 |  |
| secalert.redhat.com | https://access.redhat.com/errata/RHSA-2024:6840 |  |
| secalert.redhat.com | https://access.redhat.com/errata/RHSA-2024:6842 |  |
| secalert.redhat.com | https://access.redhat.com/errata/RHSA-2024:6843 |  |
| secalert.redhat.com | https://access.redhat.com/errata/RHSA-2024:6844 |  |
| secalert.redhat.com | https://access.redhat.com/errata/RHSA-2024:6846 |  |
| secalert.redhat.com | https://access.redhat.com/errata/RHSA-2024:6847 |  |
| secalert.redhat.com | https://access.redhat.com/errata/RHSA-2024:6848 |  |
| secalert.redhat.com | https://access.redhat.com/errata/RHSA-2024:9452 |  |
| secalert.redhat.com | https://access.redhat.com/security/cve/CVE-2024-45770 |  |
| secalert.redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2310451 |  |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:6846 | https://bugzilla.redhat.com/show_bug.cgi?id=2310451 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:6840 | https://bugzilla.redhat.com/show_bug.cgi?id=2310451 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:6843 | https://bugzilla.redhat.com/show_bug.cgi?id=2310451 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:6837 | https://bugzilla.redhat.com/show_bug.cgi?id=2310451 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:6842 | https://bugzilla.redhat.com/show_bug.cgi?id=2310451 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:6844 | https://bugzilla.redhat.com/show_bug.cgi?id=2310451 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:6847 | https://bugzilla.redhat.com/show_bug.cgi?id=2310451 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:6848 | https://bugzilla.redhat.com/show_bug.cgi?id=2310451 |
| redhat_bugzilla | https://access.redhat.com/errata/RHSA-2024:9452 | https://bugzilla.redhat.com/show_bug.cgi?id=2310451 |
| debian |  | https://security-tracker.debian.org/tracker/CVE-2024-45770 |
| anolis |  | https://anas.openanolis.cn/cves/detail/CVE-2024-45770 |
| cve_search |  | https://access.redhat.com/security/cve/CVE-2024-45770 |
| cve_search |  | https://bugzilla.redhat.com/show_bug.cgi?id=2310451 |
| amazon_linux_explore | https://access.redhat.com/security/cve/CVE-2024-45770 | https://explore.alas.aws.amazon.com/CVE-2024-45770.html |
| amazon_linux_explore | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45770 | https://explore.alas.aws.amazon.com/CVE-2024-45770.html |

</details>

漏洞分析指导链接：
  https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md
 漏洞数据来源:
  openBrain开源漏洞感知系统
 漏洞补丁信息：
  <details>
<summary>详情(点击展开)</summary>

| 影响的包 | 修复版本 | 修复补丁 | 问题引入补丁 | 来源  |
| ------- | -------- | ------- | -------- | --------- |
|  |  | https://github.com/performancecopilot/pcp/commit/22505f9a43c212217d4d53200dcf2f0e94febc8f |  | debian |

</details>

二、漏洞分析结构反馈
 影响性分析说明：
  A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges.
 openEuler评分：
  4.4
 Vector：CVSS：3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
 受影响版本排查(受影响/不受影响)：
  1.openEuler-20.03-LTS-SP4(4.1.3):受影响
2.openEuler-22.03-LTS-SP3(5.3.7):受影响
3.openEuler-22.03-LTS-SP4(5.3.7):受影响
4.openEuler-24.03-LTS(6.2.2):受影响
5.openEuler-24.03-LTS-Next(6.2.2):受影响
6.master(6.3.6):不受影响
7.openEuler-24.03-LTS-SP1(6.2.2):不受影响
8.openEuler-24.03-LTS-SP2(6.2.2):

修复是否涉及abi变化(是/否)：
  1.master(6.3.6):否
2.openEuler-20.03-LTS-SP4(4.1.3):否
3.openEuler-22.03-LTS-SP3(5.3.7):否
4.openEuler-24.03-LTS(6.2.2):否
5.openEuler-24.03-LTS-Next(6.2.2):否
6.openEuler-22.03-LTS-SP4(5.3.7):否
7.openEuler-24.03-LTS-SP1(6.2.2):否
8.openEuler-24.03-LTS-SP2(6.2.2):

原因说明：
  1.openEuler-22.03-LTS-SP3(5.3.7):正常修复
2.openEuler-24.03-LTS(6.2.2):正常修复
3.openEuler-24.03-LTS-Next(6.2.2):正常修复
4.openEuler-22.03-LTS-SP4(5.3.7):正常修复
5.openEuler-20.03-LTS-SP4(4.1.3):暂不修复-暂无解决方案或补丁
6.master(6.3.6):不受影响-漏洞代码不能被攻击者触发
7.openEuler-24.03-LTS-SP1(6.2.2):不受影响-漏洞代码不能被攻击者触发
8.openEuler-24.03-LTS-SP2(6.2.2):

src-openEuler/pcp
关闭

内容风险标识

评论 (10)

src-openEuler/pcp关闭 .gitee-modal { width: 500px !important; }

内容风险标识

CVE-2024-45770

评论 (10)

搜索帮助

src-openEuler/pcp
关闭