CVE-2012-3512
21.11.2012, 23:55
Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.Enginsight
| Vendor | Product | Version |
|---|---|---|
| munin-monitoring | munin | 𝑥 ≤ 2.0.5 |
| munin-monitoring | munin | 2.0-beta1 |
| munin-monitoring | munin | 2.0-beta2 |
| munin-monitoring | munin | 2.0-beta3 |
| munin-monitoring | munin | 2.0-beta4 |
| munin-monitoring | munin | 2.0-beta5 |
| munin-monitoring | munin | 2.0-beta6 |
| munin-monitoring | munin | 2.0-beta7 |
| munin-monitoring | munin | 2.0-rc1 |
| munin-monitoring | munin | 2.0-rc2 |
| munin-monitoring | munin | 2.0-rc3 |
| munin-monitoring | munin | 2.0-rc4 |
| munin-monitoring | munin | 2.0-rc5 |
| munin-monitoring | munin | 2.0-rc6 |
| munin-monitoring | munin | 2.0-rc7 |
| munin-monitoring | munin | 2.0.0 |
| munin-monitoring | munin | 2.0.1 |
| munin-monitoring | munin | 2.0.2 |
| munin-monitoring | munin | 2.0.3 |
| munin-monitoring | munin | 2.0.4 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References