Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 386277 (CVE-2011-3741) - <sys-cluster/ganglia-3.2.0: information disclosure (CVE-2011-3741)
Summary: <sys-cluster/ganglia-3.2.0: information disclosure (CVE-2011-3741)
Status: RESOLVED FIXED
Alias: CVE-2011-3741
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard: B4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-10-08 13:10 UTC by GLSAMaker/CVETool Bot
Modified: 2012-04-02 00:20 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 13:10:00 UTC 
CVE-2011-3741 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3741):
  Ganglia 3.1.7 allows remote attackers to obtain sensitive information via a
  direct request to a .php file, which reveals the installation path in an
  error message, as demonstrated by host_view.php and certain other files.
Comment 1 Sean Amoss (RETIRED) gentoo-dev Security 2012-01-14 19:12:29 UTC 
@cluster, jsbronder, can we proceed with stabilization of sys-cluster/ganglia-3.2.0?
Comment 2 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2012-01-15 09:55:32 UTC 
(In reply to comment #1)
> @cluster, jsbronder, can we proceed with stabilization of
> sys-cluster/ganglia-3.2.0?
Sure, I took the liberty of cc'ing arches.
Comment 3 Agostino Sarubbo gentoo-dev 2012-01-15 15:13:28 UTC 
@cluster: It needs static-libs IUSE, I'll file a new bug

amd64 stable
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-01-21 16:29:18 UTC 
x86 stable
Comment 5 Brent Baude (RETIRED) gentoo-dev 2012-02-01 17:04:42 UTC 
ppc done; closing as last arch
Comment 6 Agostino Sarubbo gentoo-dev 2012-02-01 17:26:42 UTC 
@security, please vote
Comment 7 Tim Sammut (RETIRED) gentoo-dev 2012-02-02 02:44:31 UTC 
Thanks, folks. GLSA Vote: no.
Comment 8 Sean Amoss (RETIRED) gentoo-dev Security 2012-03-01 21:29:45 UTC 
Vote: No, too.

Closing noglsa
Comment 9 Carlo Marcelo Arenas Belon 2012-04-02 00:20:44 UTC 
AFAIK this bug isn't fixed in 3.2.0 or any future version either