Date: Wed, 01 Aug 2012 18:04:29 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Vincent Danen <vdanen@...hat.com>
Subject: Re: CVE request: Ganglia Web 3.5.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/01/2012 03:20 PM, Vincent Danen wrote:
> Not a lot of details on this one, but could a CVE be assigned to
> this?
> 
> Upstream has released Ganglia Web 3.5.1 [1] which includes a fix
> for a security flaw going back to 3.1.7 and possibly earlier
> versions.  This flaw can lead to the arbitrary execution of scripts
> with the privileges of the web user (apache or nobody), which could
> possibly lead to other compromises or data exposure.  This flaw has
> been fixed in upstream 3.5.1.  No further information is currently
> available regarding the flaw or a patch.
> 
> [1] http://ganglia.info/?p=549
> 
> Other references:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=845124 
> https://bugs.gentoo.org/show_bug.cgi?id=428776 
> https://secunia.com/advisories/50047/

Please use CVE-2012-3448 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
