CVE Vulnerabilities

CVE-2012-3512

Published: Nov 21, 2012 | Modified: Apr 05, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.2 HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.

Affected Software

Name Vendor Start Version End Version
Munin Munin-monitoring 2.0.2 2.0.2
Munin Munin-monitoring 2.0-beta3 2.0-beta3
Munin Munin-monitoring 2.0-beta4 2.0-beta4
Munin Munin-monitoring 2.0-rc3 2.0-rc3
Munin Munin-monitoring 2.0-beta5 2.0-beta5
Munin Munin-monitoring 2.0.1 2.0.1
Munin Munin-monitoring * 2.0.5
Munin Munin-monitoring 2.0-rc5 2.0-rc5
Munin Munin-monitoring 2.0-beta2 2.0-beta2
Munin Munin-monitoring 2.0-beta7 2.0-beta7
Munin Munin-monitoring 2.0-rc6 2.0-rc6
Munin Munin-monitoring 2.0-rc1 2.0-rc1
Munin Munin-monitoring 2.0.0 2.0.0
Munin Munin-monitoring 2.0-beta1 2.0-beta1
Munin Munin-monitoring 2.0-rc7 2.0-rc7
Munin Munin-monitoring 2.0.3 2.0.3
Munin Munin-monitoring 2.0-rc2 2.0-rc2
Munin Munin-monitoring 2.0-rc4 2.0-rc4
Munin Munin-monitoring 2.0-beta6 2.0-beta6
Munin Munin-monitoring 2.0.4 2.0.4

References