Vulnerabilities > CVE-2012-3448 - PHP Code Execution vulnerability in Ganglia
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors.
Vulnerable Configurations
Exploit-Db
| description | Ganglia Web Frontend < 3.5.1 - PHP Code Execution. CVE-2012-3448. Webapps exploit for php platform |
| file | exploits/php/webapps/38030.php |
| id | EDB-ID:38030 |
| last seen | 2016-02-04 |
| modified | 2015-08-31 |
| platform | php |
| port | |
| published | 2015-08-31 |
| reporter | Andrei Costin |
| source | https://www.exploit-db.com/download/38030/ |
| title | Ganglia Web Frontend < 3.5.1 - PHP Code Execution |
| type | webapps |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2610.NASL description Insufficient input sanitization in Ganglia, a web-based monitoring system, could lead to remote PHP script execution with permissions of the user running the web server. last seen 2020-03-17 modified 2013-01-22 plugin id 63640 published 2013-01-22 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63640 title Debian DSA-2610-1 : ganglia - arbitrary script execution NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201412-10.NASL description The remote host is affected by the vulnerability described in GLSA-201412-10 (Multiple packages, Multiple vulnerabilities fixed in 2012) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. EGroupware VTE Layer Four Traceroute (LFT) Suhosin Slock Ganglia Jabber to GaduGadu Gateway Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 79963 published 2014-12-15 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79963 title GLSA-201412-10 : Multiple packages, Multiple vulnerabilities fixed in 2012 NASL family Fedora Local Security Checks NASL id FEDORA_2012-10699.NASL description Fix for arbitrary PHP file execution Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-07-26 plugin id 60122 published 2012-07-26 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/60122 title Fedora 17 : ganglia-3.1.7-6.fc17 (2012-10699) NASL family Fedora Local Security Checks NASL id FEDORA_2012-10727.NASL description Fix for arbitrary PHP file execution Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-07-26 plugin id 60123 published 2012-07-26 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/60123 title Fedora 16 : ganglia-3.1.7-5.fc16 (2012-10727)
Packetstorm
| data source | https://packetstormsecurity.com/files/download/133379/ganglia-exec.txt |
| id | PACKETSTORM:133379 |
| last seen | 2016-12-05 |
| published | 2015-08-31 |
| reporter | Andrei Costin |
| source | https://packetstormsecurity.com/files/133379/Ganglia-Web-Frontend-PHP-Code-Execution.html |
| title | Ganglia Web Frontend PHP Code Execution |
Seebug
| bulletinFamily | exploit |
| description | <p>1. Assuming that ganglia is installed on the target machine at this path:</p><p>/var/www/html/ganglia/</p><p> </p><p>2. Assuming the attacker has minimal access to the target machine and </p><p>can write to "/tmp". There are several methods where a remote attacker can </p><p>also trigger daemons or other system processes to create files in "/tmp" </p><p>whose content is (partially) controlled by the remote attacker. </p><p> </p><p>3. The attacker puts the contents of this PoC file into the file:</p><p>/tmp/attack.php</p><p> </p><p>4. The attacker visits the Ganglia Web Frontend interface with version < 3.5.1 </p><p>as:</p><p><a href="http://targetIP/ganglia/graph.php?g=../../../../tmp/attack&metric=DUMMY&title=DUMMY" rel="nofollow">http://targetIP/ganglia/graph.php?g=../../../../tmp/attack&metric=DUMMY&title=DUMMY</a></p><p> </p><p>5. Confirm that the PoC created a dummy file in the /tmp folder and copied </p><p>/etc/passwd to /tmp.</p> |
| id | SSV:89282 |
| last seen | 2017-11-19 |
| modified | 2015-09-01 |
| published | 2015-09-01 |
| reporter | 00r00 |
| source | https://www.seebug.org/vuldb/ssvid-89282 |
| title | Ganglia Web Frontend < 3.5.1 - PHP Code Execution |
References
- http://ganglia.info/?p=549
- http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084196.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084202.html
- http://secunia.com/advisories/50047
- http://www.debian.org/security/2013/dsa-2610
- http://www.openwall.com/lists/oss-security/2012/08/02/1
- http://www.securityfocus.com/bid/54699
- https://bugs.gentoo.org/show_bug.cgi?id=428776
- https://bugzilla.redhat.com/show_bug.cgi?id=845124
- https://www.exploit-db.com/exploits/38030/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00136.html