Source: ganglia-monitor-core
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for ganglia-monitor-core.

CVE-2009-0241[0]:
| Stack-based buffer overflow in the process_path function in
| gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a
| denial of service (crash) via a request to the gmetad service with a
| long pathname.

CVE-2009-0242[1]:
| Ganglia 3.1.1 allows remote attackers to cause a denial of service via
| a request to the gmetad service with a path does not exist, which
| causes Ganglia to (1) perform excessive CPU computation and (2) send
| the entire tree, which consumes network bandwidth.

Patches can be found on:
http://www.mail-archive.com/ganglia-develop...@lists.sourceforge.net/msg04929/server-c-bof-dos.diff
http://www.mail-archive.com/ganglia-develop...@lists.sourceforge.net/msg04929/server-c-multi-item-request.diff

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0241
    http://security-tracker.debian.net/tracker/CVE-2009-0241
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0242
    http://security-tracker.debian.net/tracker/CVE-2009-0242

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
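
Added example, not part of the original mail and not Ganglia's code or its patches: a defensive path walk in C covering the two flaw classes named in the CVE texts above, a per-element length check before copying into a fixed stack buffer and an explicit not-found result for an unknown path. The names `check_path`, `ELEMENT_MAX`, the status enum and the sample tree are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define ELEMENT_MAX 64   /* assumed per-element limit, not Ganglia's value */

enum path_status { PATH_OK, PATH_TOO_LONG, PATH_NOT_FOUND };

/* Constructed sample tree: one known name per depth (cluster/host/metric). */
static const char *sample_tree[] = { "cluster1", "node7", "load_one" };
#define TREE_DEPTH (sizeof sample_tree / sizeof sample_tree[0])

/* Walk "/a/b/c" one element at a time. Each element is length-checked
 * before it is copied into the fixed stack buffer, and an unknown element
 * stops the walk with PATH_NOT_FOUND instead of falling back to a full
 * tree dump. */
enum path_status check_path(const char *path)
{
    char element[ELEMENT_MAX];
    size_t depth = 0;
    const char *p = path;

    while (*p != '\0') {
        while (*p == '/')               /* skip separators */
            p++;
        if (*p == '\0')
            break;
        size_t len = strcspn(p, "/");   /* length of this element */
        if (len >= sizeof element)      /* would overflow: reject request */
            return PATH_TOO_LONG;
        memcpy(element, p, len);
        element[len] = '\0';
        if (depth >= TREE_DEPTH || strcmp(element, sample_tree[depth]) != 0)
            return PATH_NOT_FOUND;      /* answer with an error, not the tree */
        depth++;
        p += len;
    }
    return PATH_OK;
}

int main(void)
{
    char long_path[512];                /* constructed over-long request */
    memset(long_path, 'A', sizeof long_path - 1);
    long_path[0] = '/';
    long_path[sizeof long_path - 1] = '\0';

    printf("%d %d %d\n", check_path("/cluster1/node7/load_one"),
           check_path("/cluster1/missing"), check_path(long_path));
    return 0;
}
```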