CVE-2012-5530: Low severity performance co-pilot vulnerability

Published Nov 12, 2012
·
Updated

A security flaw was found in the way Performance Co-Pilot (PCP), a framework and services to support system-level performance monitoring and performance management, performed management of its temporary files used by various services from the suite. A local attacker could use this flaw to conduct symbolic link attacks (alter or remove different system files, accessible with the privileges of the user running the PCP suite, than it was originally intended).

References: [1] https://bugzilla.novell.com/showbug.cgi?id=782967 (private)

Other sources

The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.

MITRE

Affected Software

17 affected components
SGI Performance Co-pilot<=3.6.9
SGI Performance Co-pilot=2.1.1
SGI Performance Co-pilot=2.1.2
SGI Performance Co-pilot=2.1.3
SGI Performance Co-pilot=2.1.4
SGI Performance Co-pilot=2.1.5
SGI Performance Co-pilot=2.1.6
SGI Performance Co-pilot=2.1.7
SGI Performance Co-pilot=2.1.8
SGI Performance Co-pilot=2.1.9
SGI Performance Co-pilot=2.1.10
SGI Performance Co-pilot=2.1.11
SGI Performance Co-pilot=2.2
SGI Performance Co-pilot=3.6.4
SGI Performance Co-pilot=3.6.5
SGI Performance Co-pilot=3.6.6
SGI Performance Co-pilot=3.6.8

Event History

Nov 12, 2012
Data Sourced
04:28 PM
DescriptionSeverityAffected Software
Nov 29, 2012
CVE Published
via MITRE·11:00 AM
Data Sourced
via MITRE·11:00 AM
Description
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2012-5530?

CVE-2012-5530 is classified as a medium severity vulnerability.

2

How do I fix CVE-2012-5530?

To fix CVE-2012-5530, you should upgrade to Performance Co-Pilot version 3.6.10 or later.

3

What causes CVE-2012-5530?

CVE-2012-5530 is caused by improper management of temporary files in Performance Co-Pilot.

4

Who is affected by CVE-2012-5530?

CVE-2012-5530 affects all versions of Performance Co-Pilot up to 3.6.9 and specific versions like 2.1.1 to 2.2.

5

Can CVE-2012-5530 be exploited remotely?

No, CVE-2012-5530 requires local access for exploitation.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203