
Munin Resource Monitoring < 2.0.6 Multiple Vulnerabilities

Medium

Synopsis

The remote web server is utilizing a resource monitoring tool.

Description

Munin is a networked resource monitoring tool. Versions of Munin prior to 2.0.6 are affected by the following vulnerabilities:

- The qmailscan plugin allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names (CVE-2012-2103).
- Munin stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin (CVE-2012-3512).
- munin-cgi-graph, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command (CVE-2012-3513).

Solution

Update the affected munin, munin-master and/or munin-node packages to 2.0.6-1 or the latest release.