Summary
Insufficient input sanitization in Ganglia, a web-based monitoring system, could lead to remote PHP script execution with the permissions of the user running the web server.
Solution
For the stable distribution (squeeze), this problem has been fixed in version 3.1.7-1+squeeze1.
For the testing distribution (wheezy), this problem has been fixed in version 3.3.8-1.
For the unstable distribution (sid), this problem has been fixed in version 3.3.8-1.
We recommend that you upgrade your ganglia packages.
Insight
Ganglia is a scalable, real-time cluster monitoring environment that collects cluster statistics in an open and well-defined XML format.
Affected
ganglia on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2012-3448
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P