| Summary: | sys-cluster/ganglia: Buffer overflow in gmetad (CVE-2009-0241) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Matti Bickel (RETIRED) <mabi> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | carenas, hp-cluster |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://bugzilla.ganglia.info/cgi-bin/bugzilla/show_bug.cgi?id=223 | | |
| Whiteboard: | B1 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 255593 | | |
| Bug Blocks: | | | |

Description
Matti Bickel (RETIRED)
2009-01-18 11:16:17 UTC
There's a patch for this in the original report: http://bugzilla.ganglia.info/cgi-bin/bugzilla/attachment.cgi?id=188&action=view

herd, do you want to provide a patched ebuild or wait for a new version?

Patch added to 3.1.1-r1. Thanks for letting me know, I haven't been keeping up with the dev list.

Reopening, as we should first see if mabi's whiteboard status is correct and we need a GLSA.

Unless 3.0.x is known to be not vulnerable, we need to get this stable on x86 first, otherwise it would be ~1 anyway and not Bn.

hp-cluster herd, is =sys-cluster/ganglia-3.1.1-r1 ready to go stable on x86? If yes, you can already CC x86@g.o if you want, or just note it on the bug.

*** Bug 255353 has been marked as a duplicate of this bug. ***

According to #255353, this affects all versions of ganglia currently in the tree. x86 please mark ganglia-3.1.1-r1 as stable, src_test is expected to succeed. Sorry for closing this too quickly earlier.

Thanks, adapting whiteboard.

Sorry, x86, we need a new patch before stabling. In bug 255593 it was reported that with the patch we used, another overflow is unveiled. Updated patch here: http://bugzilla.ganglia.info/cgi-bin/bugzilla/attachment.cgi?id=189&action=view

Alright, new patch is applied. x86 team, same procedure as in comment 6 please, only this time with sys-cluster/ganglia-3.1.1-r2. Sorry again for the confusion.

x86 stable, all arches done.

CVE-2009-0241 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0241): Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.

CVE-2009-0242 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0242): Ganglia 3.1.1 allows remote attackers to cause a denial of service via a request to the gmetad service with a path does not exist, which causes Ganglia to (1) perform excessive CPU computation and (2) send the entire tree, which consumes network bandwidth.

(In reply to comment #11)
> CVE-2009-0241 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0241):
> Stack-based buffer overflow in the process_path function in
> gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a
> denial of service (crash) via a request to the gmetad service with a
> long pathname.

this is the vulnerability that was patched and was being tracked upstream

> CVE-2009-0242 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0242):
> Ganglia 3.1.1 allows remote attackers to cause a denial of service
> via a request to the gmetad service with a path does not exist, which
> causes Ganglia to (1) perform excessive CPU computation and (2) send
> the entire tree, which consumes network bandwidth.

this is most likely just a confusion generated by the way the bug was originally reported and that also included a proposal (which was not accepted) to add a feature which could trigger this behaviour, but that has been otherwise considered invalid as shown by: https://bugzilla.redhat.com/show_bug.cgi?id=480960

GLSA request filed.

CVE-2009-0242 has been officially rejected (via oss-sec).

GLSA 200903-22
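
The bug class named in the CVE-2009-0241 description (a long pathname in a request overflowing a stack buffer), shown from the fix side as an added example; it is not Ganglia's code and not the upstream patch. The function name `walk_path`, the 256-byte buffer size and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ELEMENT_MAX 256  /* assumed element buffer size, not taken from Ganglia */

/* Hypothetical helper: walk a request path such as "/cluster/host/metric",
 * copying each element into a fixed-size stack buffer. Returns the number
 * of elements, or -1 if the path is malformed or an element does not fit. */
int walk_path(const char *path)
{
    char element[ELEMENT_MAX];
    const char *p = path;
    int count = 0;

    if (p == NULL || *p != '/')
        return -1;

    while (*p == '/') {
        const char *q;
        size_t len;
        p++;                               /* skip the separator */
        if (*p == '\0')
            break;                         /* trailing slash ends the path */
        q = strchr(p, '/');
        len = q ? (size_t)(q - p) : strlen(p);

        /* The length comes from the request, the buffer size does not:
         * reject before copying instead of trusting the sender. */
        if (len == 0 || len >= sizeof(element))
            return -1;

        memcpy(element, p, len);
        element[len] = '\0';               /* terminate explicitly */
        count++;
        p += len;
    }
    return count;
}

int main(void)
{
    char longpath[ELEMENT_MAX + 64];       /* constructed oversized request */
    memset(longpath, 'A', sizeof(longpath) - 1);
    longpath[0] = '/';
    longpath[sizeof(longpath) - 1] = '\0';
    printf("normal path: %d\n", walk_path("/cluster/host/metric"));
    printf("long path:   %d\n", walk_path(longpath));
    return 0;
}
```

The boundary case is an element of exactly `ELEMENT_MAX - 1` bytes, which still leaves room for the terminator; one byte more is rejected.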