CVE-2012-3512
https://notcve.org/view.php?id=CVE-2012-3512
Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin. Munin antes de v2.0.6 almacena los archivos de estado de complementos que se ejecutan como root en el mismo directorio escribible por el grupo como complementos no-root, lo que permite a usuarios locales ejecutar código arbitrario mediante la sustitución de un archivo de estado, como se ha demostrado con complemento smart_. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075 http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086375.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088239.html http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088260.html http://www.munin-monitoring.org/ticket/1234 http://www.openwall.com/lists/oss-security/2012/08/21/1 http://www.securityfocus.com/bid/55698 http://www.ubuntu.com/usn/USN-1622-1 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-2104 – Munin 2.0~rc4-1 - Remote Command Injection
https://notcve.org/view.php?id=CVE-2012-2104
cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request. cgi-bin/munin-cgi-graph en Munin v2.x escribe datos en un archivo de log sin eliminar caracteres no imprimibles, lo que podría permitir a atacantes remotos asistidos por el usuario inyectar secuencias de escape de emulador de terminal y ejecutar comandos arbitrarios o borrar archivos de su elección a través de una solicitud HTTP manipulada. • https://www.exploit-db.com/exploits/37084 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668666 http://www.openwall.com/lists/oss-security/2012/04/16/5 http://www.openwall.com/lists/oss-security/2012/04/16/6 http://www.securityfocus.com/bid/53032 https://exchange.xforce.ibmcloud.com/vulnerabilities/74885 https://support.citrix.com/article/CTX236992 • CWE-20: Improper Input Validation •
CVE-2012-4678
https://notcve.org/view.php?id=CVE-2012-4678
munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters. munin-cgi-graph para Munin v2.0 rc4 no borra los ficheros temporales, lo que permite a atacantes remotos causar una denegación de servicio (consumo de disco) a través de muchas solicitudes a una imagen con parámetros únicos. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668667 http://munin-monitoring.org/changeset/4825 http://www.openwall.com/lists/oss-security/2012/04/16/5 http://www.openwall.com/lists/oss-security/2012/04/16/6 http://www.openwall.com/lists/oss-security/2012/04/18/2 http://www.openwall.com/lists/oss-security/2012/04/19/3 http://www.openwall.com/lists/oss-security/2012/04/19/4 http://www.openwall.com/lists/oss-security/2012/04/19/5 http:/ • CWE-399: Resource Management Errors •
CVE-2012-2147
https://notcve.org/view.php?id=CVE-2012-2147
munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters. munin-cgi-graph en Munin v2.0 rc4 permite a atacantes remotos causar una denegación de servicio (consumo de disco o memoria) a través de muchas solicitudes con valores de gran tamaño en los parámetros (1) size_x o (2)size_y. • http://www.openwall.com/lists/oss-security/2012/04/17/2 http://www.openwall.com/lists/oss-security/2012/04/18/2 http://www.openwall.com/lists/oss-security/2012/04/19/3 http://www.openwall.com/lists/oss-security/2012/04/19/4 http://www.openwall.com/lists/oss-security/2012/04/19/5 http://www.openwall.com/lists/oss-security/2012/04/27/7 http://www.openwall.com/lists/oss-security/2012/04/29/2 https://exchange.xforce.ibmcloud.com/vulnerabilities/ • CWE-399: Resource Management Errors •