Vulnerabilities > CVE-2009-0241 - Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ganglia 3.1.1

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
ganglia
CWE-119
nessus
exploit available

Summary

Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.

Vulnerable Configurations

Part Description Count
Application
Ganglia
1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Exploit-Db

descriptionGanglia gmetad 3.0.6 'process_path()' Remote Stack Buffer Overflow Vulnerability. CVE-2009-0241. Dos exploit for linux platform
idEDB-ID:32726
last seen2016-02-03
modified2009-01-15
published2009-01-15
reporterSpike Spiegel
sourcehttps://www.exploit-db.com/download/32726/
titleGanglia gmetad <= 3.0.6 - 'process_path' Remote Stack Buffer Overflow Vulnerability

Nessus

  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200903-22.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200903-22 (Ganglia: Execution of arbitrary code) Spike Spiegel reported a stack-based buffer overflow in the process_path() function when processing overly long pathnames in gmetad/server.c. Impact : A remote attacker could send a specially crafted request to the gmetad service leading to the execution of arbitrary code or a Denial of Service. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id35903
    published2009-03-11
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/35903
    titleGLSA-200903-22 : Ganglia: Execution of arbitrary code
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200903-22.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(35903);
      script_version("1.12");
      script_cvs_date("Date: 2019/08/02 13:32:45");
    
      script_cve_id("CVE-2009-0241");
      script_xref(name:"GLSA", value:"200903-22");
    
      script_name(english:"GLSA-200903-22 : Ganglia: Execution of arbitrary code");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200903-22
    (Ganglia: Execution of arbitrary code)
    
        Spike Spiegel reported a stack-based buffer overflow in the
        process_path() function when processing overly long pathnames in
        gmetad/server.c.
      
    Impact :
    
        A remote attacker could send a specially crafted request to the gmetad
        service leading to the execution of arbitrary code or a Denial of
        Service.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200903-22"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Ganglia users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=sys-cluster/ganglia-3.1.1-r2'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:ganglia");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/03/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"sys-cluster/ganglia", unaffected:make_list("ge 3.1.1-r2"), vulnerable:make_list("lt 3.1.1-r2"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Ganglia");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GANGLIA-MONITOR-CORE-6259.NASL
    descriptionA stack-based buffer overflow in ganglia
    last seen2020-06-01
    modified2020-06-02
    plugin id38857
    published2009-05-22
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/38857
    titleopenSUSE 10 Security Update : ganglia-monitor-core (ganglia-monitor-core-6259)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update ganglia-monitor-core-6259.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(38857);
      script_version ("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:36");
    
      script_cve_id("CVE-2009-0241");
    
      script_name(english:"openSUSE 10 Security Update : ganglia-monitor-core (ganglia-monitor-core-6259)");
      script_summary(english:"Check for the ganglia-monitor-core-6259 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A stack-based buffer overflow in ganglia's buffer process_path
    function has been fixed. CVE-2009-0241 has been assigned to this
    issue."
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected ganglia-monitor-core packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ganglia-monitor-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ganglia-monitor-core-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ganglia-monitor-core-gmetad");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ganglia-monitor-core-gmond");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ganglia-webfrontend");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/05/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/05/22");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.3", reference:"ganglia-monitor-core-2.5.7-99.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"ganglia-monitor-core-devel-2.5.7-99.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"ganglia-monitor-core-gmetad-2.5.7-99.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"ganglia-monitor-core-gmond-2.5.7-99.2") ) flag++;
    if ( rpm_check(release:"SUSE10.3", reference:"ganglia-webfrontend-2.5.7-99.2") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ganglia-monitor-core / ganglia-monitor-core-devel / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_GANGLIA-MONITOR-CORE-090519.NASL
    descriptionA stack-based buffer overflow in ganglia
    last seen2020-06-01
    modified2020-06-02
    plugin id39966
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39966
    titleopenSUSE Security Update : ganglia-monitor-core (ganglia-monitor-core-894)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1710.NASL
    descriptionSpike Spiegel discovered a stack-based buffer overflow in gmetad, the meta-daemon for the ganglia cluster monitoring toolkit, which could be triggered via a request with long path names and might enable arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id35461
    published2009-01-26
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35461
    titleDebian DSA-1710-1 : ganglia-monitor-core - buffer overflow
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_GANGLIA-MONITOR-CORE-090519.NASL
    descriptionA stack-based buffer overflow in ganglia
    last seen2020-06-01
    modified2020-06-02
    plugin id40218
    published2009-07-21
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40218
    titleopenSUSE Security Update : ganglia-monitor-core (ganglia-monitor-core-894)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_B9077CC46D044BCBA37A9CEAEBFDCC9E.NASL
    descriptionSecunia reports : Spike Spiegel has discovered a vulnerability in Ganglia which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the process_path function in gmetad/server.c. This can be exploited to cause a stack-based buffer overflow by e.g. sending a specially crafted message to the gmetad service. The vulnerability is confirmed in version 3.1.1. Other versions may also be affected.
    last seen2020-06-01
    modified2020-06-02
    plugin id35564
    published2009-02-01
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/35564
    titleFreeBSD : ganglia -- buffer overflow vulnerability (b9077cc4-6d04-4bcb-a37a-9ceaebfdcc9e)

Statements

contributorTomas Hoger
lastmodified2009-01-23
organizationRed Hat
statementRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0241 The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update of Red Hat HPC Solution may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/