CVE-2009-0242

Publication date 21 January 2009

Last updated 4 August 2025

Rejected reason: gmetad in Ganglia 3.1.1, when supporting multiple requests per connection on an interactive port, allows remote attackers to cause a denial of service via a request to the gmetad service with a path that does not exist, which causes Ganglia to (1) perform excessive CPU computation and (2) send the entire tree, which consumes network bandwidth. NOTE: the vendor and original researcher have disputed this issue, since legitimate requests can generate the same amount of resource consumption. CVE concurs with the dispute, so this identifier should not be used

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ganglia-monitor-core	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Not affected
	6.06 LTS dapper	Not affected

Notes

jdstrand

per Debian, only affects 3.1.1 branch, currently in experimental under different name

References

Other references

https://www.cve.org/CVERecord?id=CVE-2009-0242