FS#57537 : [munin] 2.0.26-4: CVE-2017-6188 Arbitrary file write

FS#57537 - [munin] 2.0.26-4: CVE-2017-6188 Arbitrary file write

Attached to Project: Arch Linux
Opened by Hannes Dinter (cdo) - Friday, 16 February 2018, 21:50 GMT
Last edited by Antonio Rojas (arojas) - Tuesday, 14 May 2019, 18:50 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Dan McGee (toofishes) Levente Polyak (anthraxx)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	4 Bert Peters (bertptrs) (2019-03-22) Markus Doits (doits) (2018-06-19) drathir (drathir) (2018-03-18) Hannes Dinter (cdo) (2018-02-16)
Private	No

Details

Description:

A vulnerability in munin < 2.0.30.1 allows local attackers to overwrite any file accessible to the www-data user by setting multiple upper_limit GET parameters when CGI graphs are enabled.

[0] https://github.com/munin-monitoring/munin/blob/016489065b81a1457e96c5a0f025113e8f21a76d/ChangeLog
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6188

Solution:

Update munin to >= 2.0.30.1

(choosing 'High' severity for this bug report as per https://wiki.archlinux.org/index.php/Reporting_bug_guidelines#Severity -- less critical security issue)

This task depends upon

Closed by Antonio Rojas (arojas)
Tuesday, 14 May 2019, 18:50 GMT
Reason for closing: Fixed
Additional comments about closing: munin 2.0.47

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#57537 - [munin] 2.0.26-4: CVE-2017-6188 Arbitrary file write

Details

Loading...