munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Munin | Munin-monitoring | 2.0.2 | 2.0.2 |
Munin | Munin-monitoring | 2.0-beta3 | 2.0-beta3 |
Munin | Munin-monitoring | 2.0-beta4 | 2.0-beta4 |
Munin | Munin-monitoring | 2.0-rc3 | 2.0-rc3 |
Munin | Munin-monitoring | 2.0-beta5 | 2.0-beta5 |
Munin | Munin-monitoring | 2.0.1 | 2.0.1 |
Munin | Munin-monitoring | * | 2.0.5 |
Munin | Munin-monitoring | 2.0-rc5 | 2.0-rc5 |
Munin | Munin-monitoring | 2.0-beta2 | 2.0-beta2 |
Munin | Munin-monitoring | 2.0-beta7 | 2.0-beta7 |
Munin | Munin-monitoring | 2.0-rc6 | 2.0-rc6 |
Munin | Munin-monitoring | 2.0-rc1 | 2.0-rc1 |
Munin | Munin-monitoring | 2.0.0 | 2.0.0 |
Munin | Munin-monitoring | 2.0-beta1 | 2.0-beta1 |
Munin | Munin-monitoring | 2.0-rc7 | 2.0-rc7 |
Munin | Munin-monitoring | 2.0.3 | 2.0.3 |
Munin | Munin-monitoring | 2.0-rc2 | 2.0-rc2 |
Munin | Munin-monitoring | 2.0-rc4 | 2.0-rc4 |
Munin | Munin-monitoring | 2.0-beta6 | 2.0-beta6 |
Munin | Munin-monitoring | 2.0.4 | 2.0.4 |