Bug 845124 (CVE-2012-3448)

Summary: CVE-2012-3448 ganglia: arbitrary script execution vulnerability
Product: [Other] Security Response
Reporter: Vincent Danen <vdanen>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: high
Priority: high
Version: unspecified
CC: ggillies, k.georgiou, terje.rosten
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2015-08-22 16:45:06 UTC

Description Vincent Danen 2012-08-01 21:17:39 UTC
Upstream has released Ganglia Web 3.5.1 [1] which includes a fix for a security flaw going back to 3.1.7 and possibly earlier versions.  This flaw can lead to the arbitrary execution of scripts with the privileges of the web user (apache or nobody), which could possibly lead to other compromises or data exposure.  This flaw has been fixed in upstream 3.5.1.  No further information is currently available regarding the flaw or a patch.

[1] http://ganglia.info/?p=549

Comment 1 Vincent Danen 2015-08-22 16:45:06 UTC
Current Fedora and EPEL ship 3.7.1