![oss-sec logo](/images/oss-sec-logo.png)
oss-sec mailing list archives
Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws
From: Steve Schnepp <steve.schnepp () gmail com>
Date: Fri, 27 Apr 2012 17:41:48 +0200
On Wed, Apr 18, 2012 at 07:04, Kurt Seifried <kseifried () redhat com> wrote:
In addition munin parses parts of the query string. You are allowed to modify the size of the image. By choosing a path "....png?size_x=20000&size_y=20000&uniquestuff" you can do the same attack while simultaneously using a large image size. The raw image would be 381M (assuming 8bits/pixel) in this case. A png version will likely be smaller, say 4M? So now you have an amplification of 4M/request. Note that this query can get a node into swapping, because rrdtool needs to create the whole image in main memory.
Ouch.
I believe I fixed the bug in r4825, since : - url with query string aren't stored permanently anymore. - /tmp isn't used anymore per default (to fix #668536) Could you confirm that ? OTOH, the issue about very big imgs that gets the cgi into swapping isn't the same bug to be. As Helmut noticed, there is already a size cap in rrd, so do I still need implement one in munin ? If yes, would you mind to file another bugreport (for RAM exhaustion) ? Thx ! r4825: http://munin-monitoring.org/changeset/4825 -- Steve Schnepp http://blog.pwkf.org/
Current thread:
- CVE Request (minor) -- Two Munin graphing framework flaws Jan Lieskovsky (Apr 16)
- Re: CVE Request (minor) -- Two Munin graphing framework flaws Kurt Seifried (Apr 16)
- Re: CVE Request (minor) -- Two Munin graphing framework flaws Helmut Grohne (Apr 16)
- Re: CVE Request (minor) -- Two Munin graphing framework flaws Kurt Seifried (Apr 17)
- Re: CVE Request (minor) -- Two Munin graphing framework flaws Helmut Grohne (Apr 17)
- Re: CVE Request (minor) -- Two Munin graphing framework flaws Kurt Seifried (Apr 18)
- Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws Kenyon Ralph (Apr 18)
- Re: [Packaging] Bug#668667: [oss-security] CVE Request (minor) -- Two Munin graphing framework flaws Holger Levsen (Apr 18)
- Re: CVE Request (minor) -- Two Munin graphing framework flaws Helmut Grohne (Apr 16)
- Re: CVE Request (minor) -- Two Munin graphing framework flaws Kurt Seifried (Apr 16)
- Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws Steve Schnepp (Apr 27)
- Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws Kurt Seifried (Apr 28)