Detections
Analytics
Mandriva Linux Security Advisory : ganglia (MDVSA-2013:080)
high Nessus Plugin ID 66094
Language:
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
Updated ganglia packages fix security vulnerability :There is a security issue in Ganglia Web going back to at least 3.1.7 which can lead to arbitrary script being executed with web user privileges possibly leading to a machine compromise.
Additionally, an issue where active NFS mounts caused gmond to not start has also been corrected.
When installing ganglia-gmetad, the installer uses the non-existent nobody, and not nogroup, as the group when changing new ownership of files.
Solution
Update the affected packages.See Also
https://wiki.mageia.org/en/Support/Advisories/MGAA-2013-0008
Plugin Details
Severity: High
ID: 66094
File Name: mandriva_MDVSA-2013-080.nasl
Version: 1.6
Type: local
Family: Mandriva Local Security Checks
Published: 4/20/2013
Updated: 1/6/2021
Supported Sensors: Nessus
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:ganglia-core, p-cpe:/a:mandriva:linux:ganglia-gmetad, p-cpe:/a:mandriva:linux:ganglia-script, p-cpe:/a:mandriva:linux:ganglia-webfrontend, p-cpe:/a:mandriva:linux:lib64ganglia1, p-cpe:/a:mandriva:linux:lib64ganglia1-devel, cpe:/o:mandriva:business_server:1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 4/9/2013
Reference Information
MDVSA: 2013:080
MGASA: 2012-0277