ID OSVDB:2787 Type osvdb Reporter OSVDB Modified 2003-11-10T04:36:39
Description
Vulnerability Description
Ganglia contains a flaw that may allow a remote denial of service. The issue is triggered when gmond is supplied with certain bad UDP packets, and will result in loss of availability for the service.
Technical Description
A user-defined metric packet with a name string of length 1 and a first character larger than the hash size would crash every gmond on a multicast channel. These packet formats cannot be produced with standard Ganglia clients but can easily be created otherwise.
Solution Description
Upgrade to version 2.5.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
References:
Secunia Advisory ID:10166
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-11/0046.html
ISS X-Force ID: 13631
Generic Informational URL: http://ganglia.sourceforge.net/
CVE-2003-1163
Bugtraq ID: 8988
Title
Ganglia gmond Malcrafted UDP DoS
Published
2003-11-10T04:36:39
Affected Software
Ganglia 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4
CVSS
Score 5.0 (CVSS 2.0, severity MEDIUM), vector AV:N/AC:L/Au:N/C:N/I:N/A:P
CVE-2003-1163 Description
hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denial of service (segmentation fault) via a UDP packet that contains a single-byte name string, which is used as an out-of-bounds array index.
CVE-2003-1163 published 2003-12-31T05:00:00, modified 2017-07-11T01:29:00. Source: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1163