GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sun Oct 08, 2017 5:26 pm Post subject: [ GLSA 201710-05 ] Munin |
|
|
Gentoo Linux Security Advisory
Title: Munin: Arbitrary file write (GLSA 201710-05)
Severity: normal
Exploitable: local
Date: 2017-10-08
Bug(s): #610602
ID: 201710-05
Synopsis
A vulnerability in Munin allows local attackers to overwrite any
file accessible to the www-data user.
Background
Munin is an open source server monitoring tool.
Affected Packages
Package: net-analyzer/munin
Vulnerable: < 2.0.33
Unaffected: >= 2.0.33
Architectures: All supported architectures
Description
When Munin is compiled with CGI graphics enabled then the files
accessible to the www-data user can be overwritten.
Impact
A local attacker, by setting multiple upper_limit GET parameters, could
overwrite files accessible to the www-user.
Workaround
There is no known workaround at this time.
Resolution
All Munin users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-analyzer/munin-2.0.33"
|
References
CVE-2017-6188
|
|