gmetad: stack based buffer overflow in interactive port
Bug #319111 reported by
Carlo Marcelo Arenas Belon
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ganglia (Fedora) |
Fix Released
|
Medium
|
|||
ganglia (Gentoo Linux) |
Fix Released
|
High
|
|||
ganglia-monitor-core (Debian) |
Fix Released
|
Unknown
|
|||
ganglia-monitor-core (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
a buffer overflow has been reported in the interactive port for gmetad (TCP/8652) which could result in code executed remotely or at least a DoS by crashing the gmetad daemon with a segfault and as can be seen in :
http://
more information about this problem has been reported in :
http://
http://
a CVE was already requested by the Red Hat security team as shown by :
CVE References
Changed in ganglia: | |
status: | Unknown → Confirmed |
Changed in ganglia: | |
status: | Unknown → Confirmed |
Changed in ganglia-monitor-core: | |
status: | Unknown → Fix Released |
Changed in ganglia: | |
status: | Confirmed → Fix Released |
Changed in ganglia-monitor-core (Ubuntu): | |
status: | New → Confirmed |
Changed in ganglia (Gentoo Linux): | |
importance: | Unknown → High |
Changed in ganglia (Fedora): | |
importance: | Unknown → Medium |
status: | Confirmed → Fix Released |
To post a comment you must log in.
A stack-based buffer overflow was discovered in the gmetad server, part of the ganglia monitoring system. Quoting original report:
In process_path() a char element[256] is allocated to contain the pieces
of the path as it is processed. If a request is made with a path element
longer than that the strncpy call will write to invalid memory location,
since there is no length checking performed on the input data to make sure
it is less than the size of element.
Full report: /msg04929. html
http://<email address hidden>
Upstream bug: bugzilla. ganglia. info/cgi- bin/bugzilla/ show_bug. cgi?id= 223
http://
Upstream fix: ganglia. svn.sourceforge .net/viewvc/ ganglia? view=rev& revision= 1946 ganglia. svn.sourceforge .net/viewvc/ ganglia? view=rev& revision= 1947
http://
and status file note:
http://