Published: 21/01/2009 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote malicious users to cause a denial of service (crash) via a request to the gmetad service with a long pathname.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ganglia ganglia 3.1.1

Spike Spiegel discovered a stack-based buffer overflow in gmetad, the meta-daemon for the ganglia cluster monitoring toolkit, which could be triggered via a request with long path names and might enable arbitrary code execution For the stable distribution (etch), this problem has been fixed in version 257-31etch1 For the unstable distribution ...

source: wwwsecurityfocuscom/bid/33299/info Ganglia is prone to a remote stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied input Attackers can leverage this issue to execute arbitrary code in the context of the application Successful exploits will compromise the app ...

CWE-119 http://www.securityfocus.com/bid/33299 http://bugzilla.ganglia.info/cgi-bin/bugzilla/show_bug.cgi?id=223 http://secunia.com/advisories/33506 http://security.gentoo.org/glsa/glsa-200903-22.xml http://secunia.com/advisories/34228 http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://secunia.com/advisories/35416 http://www.mail-archive.com/ganglia-developers%40lists.sourceforge.net/msg04929.html https://nvd.nist.gov https://www.debian.org/security/./dsa-1710 https://www.exploit-db.com/exploits/32726/

CVE-2009-0241

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect