ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sumit Mohanty (JIRA)" <>
Subject [jira] [Created] (AMBARI-1934) Security vulnerability with Ganglia and Nagios
Date Mon, 15 Apr 2013 16:56:15 GMT
Sumit Mohanty created AMBARI-1934:

             Summary: Security vulnerability with Ganglia and Nagios
                 Key: AMBARI-1934
             Project: Ambari
          Issue Type: Bug
    Affects Versions: 1.3.0
            Reporter: Sumit Mohanty
            Assignee: Sumit Mohanty
             Fix For: 1.3.0

Ganglia Issue : 
Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary
PHP code via unknown attack vectors. 

Ganglia Web 3.5.1 Release – Security Advisory 
There is a security issue in Ganglia Web going back to at least 3.1.7 which can lead to arbitrary
script being executed with web user privileges possibly leading to a machine compromise. Issue
has been fixed in the latest version of Ganglia Web which can be downloaded from

Need to get upgraded rpms with the Ganglia Web version 3.5.7 which has the fix for this vulnerability.

Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios
Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4,
might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host
parameter) or (2) svc_description variable. 

Vulnerable software and versions - nagios:nagios:3.4.3 and previous versions 

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message