VIR Vulnerability Intelligence Relay

CVE-2012-5530

low
Published 2012-11-29 · Modified 2026-04-29
CVSS v3
CVSS v2
2.1
VIR risk
2.1

Description

The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-5530

OS impact
OSVersionStatusFixed in
debian debianbookwormfixed3.7.1
debian debianbullseyefixed3.7.1
debian debianforkyfixed3.7.1
debian debiansidfixed3.7.1
debian debiantrixiefixed3.7.1

Application impact
VendorProductVersionsFixed
sgiperformance_co-pilot{"endIncluding":"3.6.9"}
sgiperformance_co-pilot2.1.1
sgiperformance_co-pilot2.1.2
sgiperformance_co-pilot2.1.3
sgiperformance_co-pilot2.1.4
sgiperformance_co-pilot2.1.5
sgiperformance_co-pilot2.1.6
sgiperformance_co-pilot2.1.7
sgiperformance_co-pilot2.1.8
sgiperformance_co-pilot2.1.9
sgiperformance_co-pilot2.1.10
sgiperformance_co-pilot2.1.11
sgiperformance_co-pilot2.2
sgiperformance_co-pilot3.6.4
sgiperformance_co-pilot3.6.5
sgiperformance_co-pilot3.6.6
sgiperformance_co-pilot3.6.8

References

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.