Munin Resource Monitoring < 2.0.6 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is utilizing a resource monitoring tool.

Description

Munin is a networked resource monitoring tool. Versions of Munin prior to 2.0.6 are affected by the following vulnerabilities:

- The qmailscan plugin allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names (CVE-2012-2103).
- Munin stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin (CVE-2012-3512).
- munin-cgi-graph, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command (CVE-2012-3513).

Solution

Update the affected munin, munin-master and/or munin-node packages to 2.0.6-1 or the latest release.
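A host-side check for the state-file condition described under CVE-2012-3512, added here as an example and not taken from Munin or from this plugin: it reports state files owned by a privileged uid inside a directory that group or other users can write to, plus symlinks planted in that directory. The function names, the sample file names and the temporary directory are constructed for illustration; the real state directory is passed in by the caller because the page does not name it.

```python
import os
import stat
import tempfile

SHARED_WRITE = stat.S_IWGRP | stat.S_IWOTH


def audit_state_dir(state_dir, privileged_uids=(0,)):
    """Return (issue, path) findings for a plugin state directory."""
    findings = []
    dir_mode = os.lstat(state_dir).st_mode
    # Group/other write on the directory lets those users rename or replace
    # entries, unless the sticky bit restricts that to each file's owner.
    replaceable = bool(dir_mode & SHARED_WRITE) and not dir_mode & stat.S_ISVTX
    for name in sorted(os.listdir(state_dir)):
        path = os.path.join(state_dir, name)
        st = os.lstat(path)  # lstat: never follow a planted link
        if stat.S_ISLNK(st.st_mode):
            findings.append(("symlink", path))
        elif stat.S_ISREG(st.st_mode):
            if st.st_mode & SHARED_WRITE:
                findings.append(("shared-writable-file", path))
            if replaceable and st.st_uid in privileged_uids:
                findings.append(("privileged-state-replaceable", path))
    return findings


def build_sample(dir_mode):
    """Constructed sample: one state file and one symlink in a temp dir."""
    root = tempfile.mkdtemp(prefix="state-audit-")
    state = os.path.join(root, "smart_sda.state")  # constructed file name
    with open(state, "w") as fh:
        fh.write("constructed sample state\n")
    os.chmod(state, 0o644)
    os.symlink(state, os.path.join(root, "link.state"))
    os.chmod(root, dir_mode)
    return root


if __name__ == "__main__":
    # The current uid stands in for root so the demo runs unprivileged.
    me = (os.getuid(),)
    for mode in (0o775, 0o755):
        for issue, path in audit_state_dir(build_sample(mode), me):
            print(oct(mode), issue, path)
```

On a real host, call `audit_state_dir` with the node's plugin state directory and the default `privileged_uids=(0,)`.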