Ganglia gmond Malcrafted UDP DoS

2003-11-10T04:36:39
ID OSVDB:2787
Type osvdb
Reporter OSVDB
Modified 2003-11-10T04:36:39

Description

Vulnerability Description

Ganglia contains a flaw that may allow a remote denial of service. The issue is triggered when gmond is supplied with certain bad UDP packets, and will result in loss of availability for the service.

Technical Description

A user-defined metric packet with a name string of length 1 and a first char larger than the hash size would crash all gmond on a multicast channel. These packets formats are not possible using standard ganglia clients but can easily be created otherwise.

Solution Description

Upgrade to version 2.5.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Ganglia contains a flaw that may allow a remote denial of service. The issue is triggered when gmond is supplied with certain bad UDP packets, and will result in loss of availability for the service.

References:

Secunia Advisory ID:10166 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-11/0046.html ISS X-Force ID: 13631 Generic Informational URL: http://ganglia.sourceforge.net/ CVE-2003-1163 Bugtraq ID: 8988