CVE-2012-3513
Published: 22 August 2012
munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
Notes
Author | Note |
---|---|
mdeslaur | introduced in http://anonscm.debian.org/gitweb/?p=collab-maint/munin.git;a=commit;h=6a0c4523269977c851a3c63f5add492511c4c55f So only affects 2.x |
Priority
Status
Package | Release | Status |
---|---|---|
munin Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
quantal |
Released
(2.0.2-1ubuntu2.2)
|
|
upstream |
Released
(2.0.6~git-1)
|
|
Patches: upstream: http://anonscm.debian.org/gitweb/?p=collab-maint/munin.git;a=commit;h=db9ba4c44621bfed6e6c83e3f0a22cb18f0671a2 upstream: http://anonscm.debian.org/gitweb/?p=collab-maint/munin.git;a=commit;h=980f5c5f8da8036fb71f44caf99bd3be909e9796 |