Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2012-3512
Last Modified 04 Apr 2013 11:12:18
Published 21 Nov 2012 06:55:01
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-3512

Summary

Munin before 2.0.6 stores the state files of plugins that run as root in the same group-writable directory as the state files of non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.

Vulnerable Systems

Application

  • Munin-monitoring Munin 2.0-beta1

  • Munin-monitoring Munin 2.0-beta2

  • Munin-monitoring Munin 2.0-beta3

  • Munin-monitoring Munin 2.0-beta4

  • Munin-monitoring Munin 2.0-beta5

  • Munin-monitoring Munin 2.0-beta6

  • Munin-monitoring Munin 2.0-beta7

  • Munin-monitoring Munin 2.0-rc1

  • Munin-monitoring Munin 2.0-rc2

  • Munin-monitoring Munin 2.0-rc3

  • Munin-monitoring Munin 2.0-rc4

  • Munin-monitoring Munin 2.0-rc5

  • Munin-monitoring Munin 2.0-rc6

  • Munin-monitoring Munin 2.0-rc7

  • Munin-monitoring Munin 2.0.0

  • Munin-monitoring Munin 2.0.1

  • Munin-monitoring Munin 2.0.2

  • Munin-monitoring Munin 2.0.3

  • Munin-monitoring Munin 2.0.4

  • Munin-monitoring Munin 2.0.5

  • Munin-monitoring Munin 2.0.6


References

UBUNTU - USN-1622-1

MLIST - [oss-security] 20120820 Two munin issues, now with CVEs

MISC - http://www.munin-monitoring.org/ticket/1234

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075

BID - 55698

FEDORA - FEDORA-2012-13649

FEDORA - FEDORA-2012-13683

FEDORA - FEDORA-2012-13110


Last Updated: 27 May 2016 10:58:29