FS#57537 - [munin] 2.0.26-4: CVE-2017-6188 Arbitrary file write
Attached to Project:
Arch Linux
Opened by Hannes Dinter (cdo) - Friday, 16 February 2018, 21:50 GMT
Last edited by Antonio Rojas (arojas) - Tuesday, 14 May 2019, 18:50 GMT
Details
Description:
A vulnerability in munin < 2.0.30.1 allows local attackers to overwrite any file accessible to the www-data user by setting multiple upper_limit GET parameters when CGI graphs are enabled.

[0] https://github.com/munin-monitoring/munin/blob/016489065b81a1457e96c5a0f025113e8f21a76d/ChangeLog
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6188

Solution: Update munin to >= 2.0.30.1

(choosing 'High' severity for this bug report as per https://wiki.archlinux.org/index.php/Reporting_bug_guidelines#Severity -- less critical security issue)
Closed by Antonio Rojas (arojas)
Tuesday, 14 May 2019, 18:50 GMT
Reason for closing: Fixed
Additional comments about closing: munin 2.0.47