CVE-2009-0242 - ** REJECT ** gmetad in Ganglia 3.1.1, when supporting multiple requests per connection on an intera

CVE-2009-0242

Summary

** REJECT ** gmetad in Ganglia 3.1.1, when supporting multiple requests per connection on an interactive port, allows remote attackers to cause a denial of service via a request to the gmetad service with a path that does not exist, which causes Ganglia to (1) perform excessive CPU computation and (2) send the entire tree, which consumes network bandwidth. NOTE: the vendor and original researcher have disputed this issue, since legitimate requests can generate the same amount of resource consumption. CVE concurs with the dispute, so this identifier should not be used.

References

Vulnerable Configurations

CVSS

Base:	5.0
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

refmap via4

misc	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0242#c1
mlist	[Ganglia-developers] 20090113 patches for: [Sec] Gmetad server BoF and network overload + [Feature] multiple requests per conn on interactive port [Ganglia-developers] 20090123 Re: CVE
xf	ganglia-gmetad-dos(48166)

statements via4

contributor	Joshua Bressers
lastmodified	2009-01-22
organization	Red Hat
statement	Red Hat does not consider this to be a security issue. For more information, please see the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0242

Last major update

16-12-2016 - 02:59

Published

21-01-2009 - 11:30

Last modified

16-12-2016 - 02:59