CVE-2012-2104 – Munin 2.0~rc4-1 - Remote Command Injection
https://notcve.org/view.php?id=CVE-2012-2104
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request.
• https://www.exploit-db.com/exploits/37084
  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668666
  http://www.openwall.com/lists/oss-security/2012/04/16/5
  http://www.openwall.com/lists/oss-security/2012/04/16/6
  http://www.securityfocus.com/bid/53032
  https://exchange.xforce.ibmcloud.com/vulnerabilities/74885
  https://support.citrix.com/article/CTX236992
• CWE-20: Improper Input Validation
CVE-2012-2103
https://notcve.org/view.php?id=CVE-2012-2103
The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668778
  http://secunia.com/advisories/48859
  http://secunia.com/advisories/51218
  http://www.openwall.com/lists/oss-security/2012/04/16/5
  http://www.openwall.com/lists/oss-security/2012/04/16/6
  http://www.securityfocus.com/bid/53031
  http://www.ubuntu.com/usn/USN-1622-1
  https://bugzilla.redhat.com/show_bug.cgi?id=812889
  https://exchange.xforce.ibmcloud.com/vulnerabilities/74884
• CWE-59: Improper Link Resolution Before File Access ('Link Following')
CVE-2012-4678
https://notcve.org/view.php?id=CVE-2012-4678
munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668667
  http://munin-monitoring.org/changeset/4825
  http://www.openwall.com/lists/oss-security/2012/04/16/5
  http://www.openwall.com/lists/oss-security/2012/04/16/6
  http://www.openwall.com/lists/oss-security/2012/04/18/2
  http://www.openwall.com/lists/oss-security/2012/04/19/3
  http://www.openwall.com/lists/oss-security/2012/04/19/4
  http://www.openwall.com/lists/oss-security/2012/04/19/5
  http:/
• CWE-399: Resource Management Errors
CVE-2012-2147
https://notcve.org/view.php?id=CVE-2012-2147
munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters.
• http://www.openwall.com/lists/oss-security/2012/04/17/2
  http://www.openwall.com/lists/oss-security/2012/04/18/2
  http://www.openwall.com/lists/oss-security/2012/04/19/3
  http://www.openwall.com/lists/oss-security/2012/04/19/4
  http://www.openwall.com/lists/oss-security/2012/04/19/5
  http://www.openwall.com/lists/oss-security/2012/04/27/7
  http://www.openwall.com/lists/oss-security/2012/04/29/2
  https://exchange.xforce.ibmcloud.com/vulnerabilities/
• CWE-399: Resource Management Errors