| From the Red Hat bugzilla [1], [2], [3], [4]:
[1] Florian Weimer of the Red Hat Product Security Team discovered multiple integer and heap-based buffer overflow flaws in PCP (Performance Co-Pilot) libpcp protocol decoding functions. These flaws could lead to daemon crashes or the execution of arbitrary code with root privileges. Many of these flaws can be exploited without requiring the attacker to be authenticated. (CVE-2012-3418)
[2] Florian Weimer of the Red Hat Product Security Team discovered that pmcd (the PCP (Performance Co-Pilot) performance metrics collector daemon) exports part of the /proc file system, including privileged information that could be used to aid in bypassing ASLR, as well as full command-line information on running programs. (CVE-2012-3419)
[3] Florian Weimer of the Red Hat Product Security Team discovered two memory leaks in libpcp that can be abused by an unauthenticated remote attacker to crash pmcd (the PCP (Performance Co-Pilot) performance metrics collector daemon) or to consume enough memory to trigger the OOM killer, which may have an impact on other processes. (CVE-2012-3420)
[4] Florian Weimer of the Red Hat Product Security Team discovered a denial of service flaw in pmcd (the PCP (Performance Co-Pilot) performance metrics collector daemon) due to incorrect event-driven programming. Because the pduread() function in libpcp performs a select locally, waiting for more client data, an unauthenticated remote attacker could send individual bytes one by one, avoiding the timeout, and blocking pmcd in order to prevent it from responding to other legitimate requests. (CVE-2012-3421) |