Computer Security
[EN] securityvulns.ru no-pyccku


Munin security vulnerabilities
Published:06.11.2012
Source:
SecurityVulns ID:12697
Type:local
Threat Level:
5/10
Description:Symbolic links vulnerability, code execution.
Affected:MUNIN : Munin 1.4
CVE:CVE-2012-3513 (munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.)
 CVE-2012-3512 (Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.)
 CVE-2012-2103 (The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.)
Original documentdocumentUBUNTU, [USN-1622-1] Munin vulnerabilities (06.11.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod