Sumit Mohanty created AMBARI-1934:
-------------------------------------
Summary: Security vulnerability with Ganglia and Nagios
Key: AMBARI-1934
URL: https://issues.apache.org/jira/browse/AMBARI-1934
Project: Ambari
Issue Type: Bug
Affects Versions: 1.3.0
Reporter: Sumit Mohanty
Assignee: Sumit Mohanty
Fix For: 1.3.0
Ganglia Issue:
Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers
to execute arbitrary PHP code via unknown attack vectors.
http://ganglia.info/?p=549
Ganglia Web 3.5.1 Release – Security Advisory
There is a security issue in Ganglia Web going back to at least 3.1.7 which can
lead to arbitrary script being executed with web user privileges possibly
leading to a machine compromise. Issue has been fixed in the latest version of
Ganglia Web which can be downloaded from
https://sourceforge.net/projects/ganglia/files/ganglia-web/3.5.1/
Solution:
Need to get upgraded rpms with the Ganglia Web version 3.5.7 which has the fix
for this vulnerability.
Nagios:
Multiple stack-based buffer overflows in the get_history function in
history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x
before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute
arbitrary code via a long (1) host_name variable (host parameter) or (2)
svc_description variable.
http://www.nagios.org/projects/nagioscore/history/core-3x
http://lists.grok.org.uk/pipermail/full-disclosure/2012-December/089125.html
Vulnerable software and versions - nagios:nagios:3.4.3 and previous versions
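An added example, not part of the original ticket or of Ambari's code: a branch-aware check that flags monitoring hosts still running versions in the ranges the ticket quotes. The product labels, host names and inventory rows are assumptions constructed for illustration.

```python
import re

# Fixed-in versions exactly as the ticket states them. A key of None applies to
# every branch; a (major, minor) key applies only to that release branch.
# The product labels are hypothetical inventory names, not RPM package names.
FIXED_IN = {
    "ganglia-web": {None: (3, 5, 1)},
    "nagios": {None: (3, 4, 4)},
    "icinga": {(1, 6): (1, 6, 2), (1, 7): (1, 7, 4), (1, 8): (1, 8, 4)},
}


def parse_version(text):
    """Turn '3.4.3' or an RPM-style '3.4.3-1.el6' into (3, 4, 3)."""
    upstream = text.strip().split("-", 1)[0]  # drop the RPM release suffix
    match = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", upstream)
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def is_affected(product, version_text):
    """Return True or False, or None when the ticket does not cover the branch."""
    rules = FIXED_IN[product]
    version = parse_version(version_text)
    fixed = rules.get(None) or rules.get(version[:2])
    if fixed is None:
        return None  # e.g. an Icinga branch the ticket text does not mention
    return version < fixed


def audit(inventory):
    """Return the (host, product, version) rows that need an upgrade or review."""
    return [row for row in inventory if is_affected(row[1], row[2]) is not False]


# Constructed sample inventory (hosts and versions are made up for the example).
SAMPLE_INVENTORY = [
    ("mon01", "ganglia-web", "3.5.0-1"),
    ("mon01", "nagios", "3.4.3-1.el6"),
    ("mon02", "nagios", "3.4.4"),
    ("mon03", "icinga", "1.7.4"),
    ("mon04", "icinga", "1.9.0"),
]

if __name__ == "__main__":
    for host, product, version in audit(SAMPLE_INVENTORY):
        print(host, product, version, is_affected(product, version))
```

Rows where `is_affected` returns `None` are kept in the audit output so that branches outside the quoted ranges get a manual look rather than a silent pass.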