Your message dated Sun, 01 Feb 2009 10:17:11 +0000
with message-id <e1ltzo3-0001it...@ries.debian.org>
and subject line Bug#512365: fixed in ganglia 3.1.2-1
has caused the Debian Bug report #512365,
regarding gmetad: stack based buffer overflow in process_path
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
512365: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512365
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gmetad
Version: 2.5.7-2

A buffer overflow in the interactive port for gmetad has been reported
upstream in:

  http://bugzilla.ganglia.info/cgi-bin/bugzilla/show_bug.cgi?id=223

this results in the possibility of remotely executing code as the user
that is running gmetad and affects all versions of gmetad that are
packaged by Debian.

the following patch backports the fix to 2.5.7 and could be applied
to eliminate this vulnerability in oldstable/stable/testing/unstable.

a fix that could be used in the version for experimental can be obtained
from the reported url and will be included in 3.1.2

Carlo
---
diff -ur a/ganglia-monitor-core-2.5.7/gmetad/server.c 
b/ganglia-monitor-core-2.5.7/gmetad/server.c
--- a/ganglia-monitor-core-2.5.7/gmetad/server.c        2004-09-14 
09:18:26.000000000 -0700
+++ b/ganglia-monitor-core-2.5.7/gmetad/server.c        2009-01-19 
22:26:39.000000000 -0800
@@ -332,14 +332,13 @@
    
 /* sacerdoti: This function does a tree walk while respecting the filter path.
  * Will return valid XML even if we have chosen a subtree. Since tree depth is
- * bounded, this function guarantees O(1) search time. The recursive structure 
- * does not require any memory allocations. 
+ * bounded, this function guarantees O(1) search time.
  */
 static int
 process_path (client_t *client, char *path, datum_t *myroot, datum_t *key)
 {
    char *p, *q, *pathend;
-   char element[256];
+   char *element;
    int rc, len;
    datum_t *found;
    datum_t findkey;
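Review bot: `char *element;` is declared at function scope without an initialiser, while the allocation and `free` added further down both sit inside the inner block. Declaring it inside that block, or initialising it to `NULL` here, would keep a later cleanup path from freeing an indeterminate pointer. The function comment could also state that each path element is now heap-allocated and where it is freed, since the removed sentence was the only statement about memory use.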
@@ -381,6 +380,9 @@
          if (!q) q=pathend;
       
          len = q-p;
+         element = malloc(len + 1);
+         if ( element == NULL )
+             return 1;
          strncpy(element, p, len);
          element[len] = '\0';
       
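Review bot: `len = q-p` is an `int` derived from the client-supplied path and goes into `malloc(len + 1)` with no range check visible in this hunk. With the fixed 256-byte buffer gone, it is worth rejecting a negative or unreasonably large `len` before allocating, and since the length is already known, `memcpy(element, p, len)` states the intent more directly than `strncpy`. Returning 1 on allocation failure matches the `if (rc) return 1;` convention used further down.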
@@ -402,6 +404,7 @@
             {
                rc = process_path(client, 0, myroot, NULL);
             }
+         free(element);
       }
    if (rc) return 1;
 
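Review bot: `free(element)` sits at the end of the block, so it releases the buffer only on the fall-through path. The lines between the `malloc` and this point are outside the patch context; if any of them returns early, `element` leaks on every such request, which a remote client can repeat. Please confirm there is no such return, or route those exits through a single cleanup point. The buffer also stays allocated for the duration of the recursive `process_path` call shown here.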
@@ -499,7 +502,7 @@
    int len;
    client_t client;
    char remote_ip[16];
-   char request[REQUESTLEN];
+   char request[REQUESTLEN + 1];
    llist_entry *le;
    datum_t rootdatum;
 
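Review bot: `char request[REQUESTLEN + 1];` gives no reason for the extra byte, and the code that reads into `request` and terminates it is not part of this hunk. If the intent is to leave room for a terminating NUL after a read of up to `REQUESTLEN` bytes, a short comment on the declaration would say so, and the read call should be checked to pass `REQUESTLEN` rather than `sizeof(request)` so the terminator always fits.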



--- End Message ---
--- Begin Message ---
Source: ganglia
Source-Version: 3.1.2-1

We believe that the bug you reported is fixed in the latest version of
ganglia, which is due to be installed in the Debian FTP archive:

ganglia-monitor_3.1.2-1_i386.deb
  to pool/main/g/ganglia/ganglia-monitor_3.1.2-1_i386.deb
ganglia-webfrontend_3.1.2-1_all.deb
  to pool/main/g/ganglia/ganglia-webfrontend_3.1.2-1_all.deb
ganglia_3.1.2-1.diff.gz
  to pool/main/g/ganglia/ganglia_3.1.2-1.diff.gz
ganglia_3.1.2-1.dsc
  to pool/main/g/ganglia/ganglia_3.1.2-1.dsc
ganglia_3.1.2.orig.tar.gz
  to pool/main/g/ganglia/ganglia_3.1.2.orig.tar.gz
gmetad_3.1.2-1_i386.deb
  to pool/main/g/ganglia/gmetad_3.1.2-1_i386.deb
libganglia1-dev_3.1.2-1_i386.deb
  to pool/main/g/ganglia/libganglia1-dev_3.1.2-1_i386.deb
libganglia1_3.1.2-1_i386.deb
  to pool/main/g/ganglia/libganglia1_3.1.2-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 512...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stu Teasdale <s...@debian.org> (supplier of updated ganglia package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


Format: 1.8
Date: Sat, 31 Jan 2009 21:43:26 +0000
Source: ganglia
Binary: ganglia-monitor gmetad libganglia1 libganglia1-dev ganglia-webfrontend
Architecture: source all i386
Version: 3.1.2-1
Distribution: experimental
Urgency: low
Maintainer: Stuart Teasdale <s...@debian.org>
Changed-By: Stu Teasdale <s...@debian.org>
Description: 
 ganglia-monitor - cluster system monitoring daemon
 ganglia-webfrontend - ganglia cluster monitoring toolkit web frontend
 gmetad     - meta-daemon for ganglia cluster monitoring toolkit
 libganglia1 - ganglia cluster system monitor toolkit (shared libraries)
 libganglia1-dev - ganglia cluster system monitor toolkit (devel libraries)
Closes: 512153 512365 512695
Changes: 
 ganglia (3.1.2-1) experimental; urgency=low
 .
   * New upstream version with security fixes. (Closes: #512365.)
   * Include the gmond.conf manpage in the ganglia-monitor package.
     Closes: #512695.
   * Fix up the apache config stub. Closes: #512153.



--- End Message ---
