CVE-2023-6917: Pcp: unsafe use of directories allows pcp to root privilege escalation

Published Dec 18, 2023

A vulnerability has been identified in the Performance Co-Pilot (PCP) package, stemming from the mixed privilege levels utilized by systemd services associated with PCP. While certain services operate within the confines of limited PCP user/group privileges, others are granted full root privileges. This disparity in privilege levels poses a risk when privileged root processes interact with directories or directory trees owned by unprivileged PCP users. Specifically, this vulnerability may lead to the compromise of PCP user isolation and facilitate local PCP-to-root exploits, particularly through symlink attacks. These vulnerabilities underscore the importance of maintaining robust privilege separation mechanisms within PCP to mitigate the potential for unauthorized privilege escalation.

Other sources

Security issues in pcp on Linux were found by Matthias Gerstner (SUSE Linux security team). The systemd services coming with pcp run with mixed privileges. Some use only limited pcp user/group privileges, like "pmiecheck.service". Others like "pmcd.service" run with full root privileges. In both contexts shared directory structures are used, though, like:

- /var/lib/pcp/tmp owned by pcp:pcp mode 775
- /var/log/pcp owned by pcp:pcp mode 775

When privileged root processes access files in directories or directory trees controlled by unprivileged users, security issues can easily result. For the directories listed above, two exploitable issues were found that break the pcp user isolation and allow local pcp to root exploits (via symlink attacks).

Red Hat
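
A defender-side audit of the shared directories named above, added here as an example (it is not code from PCP, SUSE or Red Hat). It reports every directory in a tree that a non-root account can modify, plus every symlink found inside; the names `audit_tree`, `PCP_SHARED_DIRS` and `trusted_uids` are assumptions made for this sketch.

```python
import os
import stat

# Directories named in the advisory text; adjust for the local install.
PCP_SHARED_DIRS = ["/var/lib/pcp/tmp", "/var/log/pcp"]

def audit_tree(root, trusted_uids=(0,)):
    """Return (kind, path, detail) findings for a tree that root services use.

    kind is "untrusted-dir" for a directory a non-trusted account can
    modify, or "symlink" for a symbolic link found inside the tree.
    """
    findings = []
    # followlinks=False: never descend through a link while auditing.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        st = os.lstat(dirpath)
        mode = stat.S_IMODE(st.st_mode)
        reasons = []
        if st.st_uid not in trusted_uids:
            reasons.append(f"owner uid {st.st_uid}")
        if mode & stat.S_IWGRP:
            reasons.append("group-writable")
        if mode & stat.S_IWOTH:
            reasons.append("world-writable")
        if reasons:
            detail = f"mode {mode:o}, " + ", ".join(reasons)
            findings.append(("untrusted-dir", dirpath, detail))
        # Symlinks to directories show up in dirnames, others in filenames.
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                is_link = stat.S_ISLNK(os.lstat(path).st_mode)
            except FileNotFoundError:
                continue  # entry vanished between listing and lstat
            if is_link:
                findings.append(("symlink", path, "-> " + os.readlink(path)))
    return findings

if __name__ == "__main__":
    for top in PCP_SHARED_DIRS:
        if os.path.isdir(top):
            for kind, path, detail in audit_tree(top):
                print(f"{kind:13} {path}  {detail}")
```

Any "untrusted-dir" finding on a path that a root-run service also reads or writes marks a place where the privilege boundary described above depends on that service handling links safely.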

Affected Software

3 affected components (fixes available)

- redhat/pcp < 6.2.0 (fix available: 6.2.0)
- SGI Performance Co-pilot < 6.2.0
- redhat Enterprise Linux = 9.0

Event History

Feb 28, 2024

- 02:38 PM: CVE Published via MITRE
- 02:38 PM: Data Sourced via MITRE (Description, Severity, Weakness)
- 03:15 PM: Data Sourced via NVD (Description, Severity, Weakness, Affected Software)

Frequently Asked Questions

1. What is the severity of CVE-2023-6917?

CVE-2023-6917 is classified as a medium severity vulnerability due to its potential for privilege escalation.

2. How do I fix CVE-2023-6917?

To mitigate CVE-2023-6917, update the Performance Co-Pilot package to version 6.2.0 or later.

3. What systems are affected by CVE-2023-6917?

CVE-2023-6917 affects Performance Co-Pilot (PCP) versions before 6.2.0, and Red Hat Enterprise Linux 9.0.

4. What type of vulnerability is CVE-2023-6917?

CVE-2023-6917 is a privilege escalation vulnerability stemming from mixed privilege levels of systemd services related to PCP.

5. Who is impacted by CVE-2023-6917?

Users and administrators of systems utilizing the Performance Co-Pilot package are at risk from CVE-2023-6917.
