Bug 131067 - [vuxml] sysutils/ganglia-monitor-core vulnerability
Summary: [vuxml] sysutils/ganglia-monitor-core vulnerability
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Brooks Davis
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-01-28 04:00 UTC by mark
Modified: 2009-01-30 14:32 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description mark 2009-01-28 04:00:14 UTC

Fix: 

<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
   <vuln vid="b9077cc4-6d04-4bcb-a37a-9ceaebfdcc9e">
     <topic>ganglia-monitor-core -- Stack-based buffer overflow in the process_path function</topic>
     <affects>
       <package>
         <name>ganglia-monitor-core</name>
         <range><le>3.1.1</le></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
         <p>Secunia reports:</p>
         <blockquote cite="http://secunia.com/advisories/33506">
           <p>Spike Spiegel has discovered a vulnerability in Ganglia which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the process_path function in gmetad/server.c. This can be exploited to cause a stack-based buffer overflow by e.g. sending a specially crafted message to the gmetad service.

The vulnerability is confirmed in version 3.1.1. Other versions may also be affected.


</p>
         </blockquote>
       </body>
     </description>
     <references>
      <url>http://secunia.com/advisories/33506</url>
      <cvename>CVE-2009-0241</cvename>
      <bid>33229</bid>
     </references>
     <dates>
       <discovery>2009-01-21</discovery>
       <entry>2009-01-27</entry>
     </dates>
   </vuln>
Comment 1 Edwin Groothuis freebsd_committer 2009-01-28 04:00:24 UTC
Responsible Changed
From-To: freebsd-ports-bugs->brooks

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 dfilter service freebsd_committer 2009-01-30 03:56:49 UTC
brooks      2009-01-30 03:56:35 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
    sysutils/ganglia-monitor-core Makefile distinfo pkg-plist 
    sysutils/ganglia-webfrontend Makefile distinfo pkg-plist 
  Added files:
    sysutils/ganglia-monitor-core/files patch-gmetad_server.c 
  Removed files:
    sysutils/ganglia-monitor-core/files 
                                        patch-libmetrics_freebsd_metrics.c 
  Log:
  Upgrade Ganglia to 3.1.1 plus a fix for CVE-2009-0241.
  
  PR:             ports/129822, ports/131067
  Submitted by:   Mark Foster <mark at foster dot cc> (vuxml)
  Security:       vid:b9077cc4-6d04-4bcb-a37a-9ceaebfdcc9e
  
  Revision  Changes    Path
  1.1836    +35 -1     ports/security/vuxml/vuln.xml
  1.26      +21 -21    ports/sysutils/ganglia-monitor-core/Makefile
  1.12      +3 -3      ports/sysutils/ganglia-monitor-core/distinfo
  1.1       +49 -0     ports/sysutils/ganglia-monitor-core/files/patch-gmetad_server.c (new)
  1.2       +0 -14     ports/sysutils/ganglia-monitor-core/files/patch-libmetrics_freebsd_metrics.c (dead)
  1.10      +21 -8     ports/sysutils/ganglia-monitor-core/pkg-plist
  1.18      +1 -2      ports/sysutils/ganglia-webfrontend/Makefile
  1.9       +3 -3      ports/sysutils/ganglia-webfrontend/distinfo
  1.7       +9 -11     ports/sysutils/ganglia-webfrontend/pkg-plist
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 Brooks Davis freebsd_committer 2009-01-30 14:32:02 UTC
State Changed
From-To: open->closed

Committed 3.1.1 plus a fix for this issue.  Adjusted the vuxlm accordingly.