Bug 255593 - =app-emulation/ganglia-3.1.1-r1 leak filehandles and off by 1 buffer overflow if request for gmetad interactive port larger than 2048 bytes
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://bugzilla.ganglia.info/cgi-bin/...
Blocks: CVE-2009-0241
Reported: 2009-01-20 06:13 UTC by Carlo Marcelo Arenas Belon
Modified: 2009-01-20 16:43 UTC
Description Carlo Marcelo Arenas Belon 2009-01-20 06:13:50 UTC
somehow related to BUG255366 as this problem is made visible by the bugfix that was used to correct a buffer overflow in gmetad as reported upstream in the linked bugzilla URL.

an additional patch will need to be added as shown in :

  http://ganglia.svn.sourceforge.net/viewvc/ganglia/trunk/monitor-core/gmetad/server.c?view=patch&r1=1950&r2=1953&pathrev=1953

or the patch used to correct the problem be updated to use instead :

  http://bugzilla.ganglia.info/cgi-bin/bugzilla/attachment.cgi?id=189&action=view

Reproducible: Always

Steps to Reproduce:
1. /etc/init.d/gmetad start
2. echo "/`python -c \"print \\"%s/%s/%s\\" % ('a'*1700,'b'*300,'c'*48)\"`" | netcat 127.0.0.1 8652

Actual Results:
connection hangs (every other request will succeed) and the following error is logged:

  server_thread() 1135602000 unable to write root preamble (DTD, etc)

Expected Results:  
connection will be closed with some (or all) the root tree returned
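The two defect classes named in the bug title (an off-by-one write when the request fills a 2048-byte buffer, and a descriptor leaked on the rejection path), shown in their corrected form. This is an added example, not gmetad's code or the upstream patch; `read_request`, `handle_client`, `demo` and the rule that a request starts with `/` are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

#define REQ_MAX 2048 /* request buffer size taken from the bug title */

/* Read one newline-terminated request into buf[cap]. Stores at most cap-1 bytes so
 * the NUL always fits. Returns length, -1 on I/O error, -2 if no newline fits. */
static int read_request(int fd, char *buf, size_t cap) {
    size_t len = 0;
    while (len < cap - 1) {
        ssize_t n = read(fd, buf + len, cap - 1 - len);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        if (n == 0) break; /* peer closed */
        char *nl = memchr(buf + len, '\n', (size_t)n);
        if (nl) { *nl = '\0'; return (int)(nl - buf); }
        len += (size_t)n;
    }
    buf[len] = '\0'; /* len <= cap-1, in bounds; writing buf[cap] is the off-by-one */
    return len == cap - 1 ? -2 : (int)len;
}

/* Serve one connection; every exit path reaches close(), so a rejected
 * request cannot leak the descriptor. Returns 0 if accepted, else -1. */
static int handle_client(int fd) {
    char req[REQ_MAX];
    int rc = -1;
    if (read_request(fd, req, sizeof req) > 0 && req[0] == '/')
        rc = 0; /* a real server would write its reply here */
    close(fd);
    return rc;
}

/* Constructed harness: sends '/' + fill*'a' + '\n' through a pipe. Returns
 * handle_client()'s result, -3 if the read end leaked, -4 on setup failure. */
int demo(size_t fill) {
    int p[2];
    char msg[2 * REQ_MAX] = "/";
    if (fill > sizeof msg - 2 || pipe(p) != 0) return -4;
    memset(msg + 1, 'a', fill);
    msg[fill + 1] = '\n';
    if (write(p[1], msg, fill + 2) != (ssize_t)(fill + 2)) return -4;
    close(p[1]);
    int rc = handle_client(p[0]);
    return fcntl(p[0], F_GETFD) == -1 ? rc : -3;
}

int main(void) { return demo(100) == 0 && demo(3000) == -1 ? 0 : 1; }
```

A request that would need the 2048th byte is rejected rather than truncated silently, and the descriptor is closed whether the request is accepted or not.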
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-01-20 08:42:20 UTC
Thanks for reporting, Carlo. I blocked the initial security bug to handle this.
Comment 2 Justin Bronder (RETIRED) gentoo-dev 2009-01-20 16:43:03 UTC
Patch updated in ganglia-3.1.1-r2.  Thanks again for keeping us up to date Carlo.