CVSS: 7.2 | EPSS: 0% | CPEs: 20 | EXPL: 2

Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075
• http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086375.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088239.html
• http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088260.html
• http://www.munin-monitoring.org/ticket/1234
• http://www.openwall.com/lists/oss-security/2012/08/21/1
• http://www.securityfocus.com/bid/55698
• http://www.ubuntu.com/usn/USN-1622-1

• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 1.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668778
• http://secunia.com/advisories/48859
• http://secunia.com/advisories/51218
• http://www.openwall.com/lists/oss-security/2012/04/16/5
• http://www.openwall.com/lists/oss-security/2012/04/16/6
• http://www.securityfocus.com/bid/53031
• http://www.ubuntu.com/usn/USN-1622-1
• https://bugzilla.redhat.com/show_bug.cgi?id=812889
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74884

• CWE-59: Improper Link Resolution Before File Access ('Link Following')