drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in Ganglia
Name: |
Pufferüberlauf in Ganglia |
|
ID: |
200903-22 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Di, 10. März 2009, 15:40 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0241 |
|
Applikationen: |
Ganglia |
|
Originalnachricht |
--nextPart1359483.1uFsv7vFI0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200903-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High Title: Ganglia: Execution of arbitrary code Date: March 10, 2009 Bugs: #255366 ID: 200903-22
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis ========
A buffer-overflow in Ganglia's gmetad might lead to the execution of arbitrary code.
Background ==========
Ganglia is a scalable distributed monitoring system for clusters and grids.
Affected packages =================
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-cluster/ganglia < 3.1.1-r2 >= 3.1.1-r2
Description ===========
Spike Spiegel reported a stack-based buffer overflow in the process_path() function when processing overly long pathnames in gmetad/server.c.
Impact ======
A remote attacker could send a specially crafted request to the gmetad service leading to the execution of arbitrary code or a Denial of Service.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All Ganglia users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-cluster/ganglia-3.1.1-r2"
References ==========
[ 1 ] CVE-2009-0241 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0241
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200903-22.xml
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org.
License =======
Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--nextPart1359483.1uFsv7vFI0 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux)
iQIcBAABAgAGBQJJtnjfAAoJECaaHo/OfoM5fR4P/jlDFIcFRR2qjbj+/gznCMAI ptIwE/+XzK3wll/SYpCPeIO4lLqywlSmM5laMCmOxxZb1S+s9u92S6w7SjRMvXgI rUTk/1Hy/saSeOOG88Cy2TJ3qigvDHYM1p9Iq4gVIFCNYWybf2OtSXwXQcgyuFMl iTodJCfMqt6bd0ekcPq2boghlrBuCEbYqg8fNnYoKQW09IT1tb+HvshiIH9sR+4C 3ZiNkjhF4NsDwPkMXV0vOq4ssf+038jHBm6Po8OHfUrh+muDfbCKrTtgbvPIK8ZT fHp7sgSx4PBXXZ3sjhn+UhZbJCUioHpj9vAqOjhjlA+/IJWgT9Y5/EEF0rm1GJUk w22gkD1LRXiH+CzNBheBvPXvmGOtqz15kwF5bvz0CJT9Kv/SQLIjpWDpzIOFb2ek hsW7kx5ly6oSwjDwOhUBtvuv/CKwRaf1rg6aCn506puUZD5TxpQEyWTEsxdc2jNk 56QcpsRDS++wJhqJ6p/gt2PwJnA8y0BmtfVyx9Nb2n+sLRVezeHPFHTBi31YQ7MC s9w0fQKp9YXMF/Ye8kFvQUAh2oeq6YbWdaDiovjSTMc+RjAyMtS9giCArxas/pIT rm37SpsX2FWWv+Tyhg0o90Wp17bMk1IjnDkaELOOkdZ1FBMtQLS0nGkK4VBm3Ey5 SxDwJ8Mbr2e8bAvLkPCr =C5AH -----END PGP SIGNATURE-----
--nextPart1359483.1uFsv7vFI0--
|
|
|
|