[emanicslab] Fwd: CVE-2012-3448: Ganglia Web interface for http://emanicslab.csg.uzh.ch
David Hausheer
hausheer at ifi.uzh.ch
Sat Jan 19 23:47:30 CET 2013
Dear all,
Today we were notified about a vulnerability of the ganglia tool (the
tool used for monitoring the EmanicsLab nodes). We now stopped the
ganglia tool in order to stop any potential harm from it and we are
going to restart it when the problem has been fixed.
Best regards
David
-------- Original Message --------
Subject: CVE-2012-3448: Ganglia Web interface for
http://emanicslab.csg.uzh.ch
Date: Sat, 19 Jan 2013 10:53:43 +0100
From: Salvatore Bonaccorso <bonaccos at ee.ethz.ch>
To: emanicslab at ifi.uzh.ch
Hi
(writing in english as I do not know if recieving person speaks
german).
I'm employed at ETH at the department D-ITET, the IT support there. As
I was looking at CVE-2012-3448[0] for ganglia I noticed via google
Index that you use ganglia web too[1].
Don't know if actually your version is affected too, but in the footer
I saw mentioned 3.0.7, at least 3.1.7 has the issue (path traversal).
[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3448
[1]: http://emanicslab.csg.uzh.ch/ganglia/
[2]: http://bugs.debian.org/683584
Hope this might be of help in case you are affected by the issue.
Regards,
Salvatore
--
Salvatore Bonaccorso Phone: +41 44 632 70 25 bonaccos at ee.ethz.ch
ETH Zurich D-ITET Physikstrasse 3 CH-8092 Zurich
Room: ISG.EE ETL F 24.1 Web: http://people.ee.ethz.ch/bonaccos
ID: 86CE99E3 fp: 1FF7 0D0E 4A6C 57C8 3C6F 8648 8BFD 1011 86CE 99E3
More information about the emanicslab
mailing list