CVE-2009-0241 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ganglia	Ganglia

Configuration 1 [-]

cpe:2.3:a:ganglia:ganglia:3.1.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugzilla.ganglia.info/cgi-bin/bugzilla/show_bug.cgi?id=223
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://secunia.com/advisories/33506
http://secunia.com/advisories/34228
http://secunia.com/advisories/35416
http://security.gentoo.org/glsa/glsa-200903-22.xml
http://www.mail-archive.com/ganglia-developers%40lists.sourceforge.net/msg04929.html
http://www.securityfocus.com/bid/33299
https://nvd.nist.gov/vuln/detail/CVE-2009-0241
https://www.cve.org/CVERecord?id=CVE-2009-0241

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-01-21T11:00:00

Updated: 2024-08-07T04:24:18.448Z

Reserved: 2009-01-20T00:00:00

Link: CVE-2009-0241

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-01-21T11:30:00.390

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-0241

Redhat

Severity : Moderate

Publid Date: 2009-01-13T00:00:00Z

Links: CVE-2009-0241 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-13T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-03-13T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://bugzilla.ganglia.info/cgi-bin/bugzilla/show_bug.cgi?id=223"}, {"name": "GLSA-200903-22", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200903-22.xml"}, {"name": "33506", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33506"}, {"name": "SUSE-SR:2009:011", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"}, {"name": "34228", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/34228"}, {"name": "[Ganglia-developers] 20090113 patches for: [Sec] Gmetad server BoF and network overload + [Feature] multiple requests per conn on interactive port", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.mail-archive.com/ganglia-developers%40lists.sourceforge.net/msg04929.html"}, {"name": "33299", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33299"}, {"name": "35416", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35416"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0241", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://bugzilla.ganglia.info/cgi-bin/bugzilla/show_bug.cgi?id=223", "refsource": "MISC", "url": "http://bugzilla.ganglia.info/cgi-bin/bugzilla/show_bug.cgi?id=223"}, {"name": "GLSA-200903-22", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200903-22.xml"}, {"name": "33506", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33506"}, {"name": "SUSE-SR:2009:011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"}, {"name": "34228", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34228"}, {"name": "[Ganglia-developers] 20090113 patches for: [Sec] Gmetad server BoF and network overload + [Feature] multiple requests per conn on interactive port", "refsource": "MLIST", "url": "http://www.mail-archive.com/ganglia-developers@lists.sourceforge.net/msg04929.html"}, {"name": "33299", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33299"}, {"name": "35416", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35416"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:24:18.448Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugzilla.ganglia.info/cgi-bin/bugzilla/show_bug.cgi?id=223"}, {"name": "GLSA-200903-22", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200903-22.xml"}, {"name": "33506", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33506"}, {"name": "SUSE-SR:2009:011", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"}, {"name": "34228", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/34228"}, {"name": "[Ganglia-developers] 20090113 patches for: [Sec] Gmetad server BoF and network overload + [Feature] multiple requests per conn on interactive port", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.mail-archive.com/ganglia-developers%40lists.sourceforge.net/msg04929.html"}, {"name": "33299", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33299"}, {"name": "35416", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35416"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0241", "datePublished": "2009-01-21T11:00:00", "dateReserved": "2009-01-20T00:00:00", "dateUpdated": "2024-08-07T04:24:18.448Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ganglia:ganglia:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1B92DC96-8FD2-463A-A7AA-6B570249C588", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname."}, {"lang": "es", "value": "desbordamiento de b\u00fafer basado en pila en la funci\u00f3n process_path en gmetad/server.c en Ganglia v3.1.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (caida) a trav\u00e9s de un petici\u00f3n al servicio gmetad con un nombre de ruta largo."}], "id": "CVE-2009-0241", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-01-21T11:30:00.390", "references": [{"source": "cve@mitre.org", "url": "http://bugzilla.ganglia.info/cgi-bin/bugzilla/show_bug.cgi?id=223"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33506"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/34228"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/35416"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200903-22.xml"}, {"source": "cve@mitre.org", "url": "http://www.mail-archive.com/ganglia-developers%40lists.sourceforge.net/msg04929.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/33299"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.ganglia.info/cgi-bin/bugzilla/show_bug.cgi?id=223"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33506"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34228"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35416"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200903-22.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mail-archive.com/ganglia-developers%40lists.sourceforge.net/msg04929.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33299"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0241\n\nThe Red Hat Security Response Team has rated this issue as having moderate security impact, a future update of Red Hat HPC Solution may address this flaw. More information regarding\nissue severity can be found here: http://www.redhat.com/security/updates/classification/\n", "lastModified": "2009-01-23T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}