Lucene search
AmazonALAS-2012-130HistoryOct 08, 2012 - 10:39 a.m.
Medium: munin
2012-10-0810:39:00
alas.aws.amazon.com
15
0.0004 Low
EPSS
Percentile
5.2%
Issue Overview:
Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.
Affected Packages:
munin
Issue Correction:
Run yum update munin to update your system.
New Packages:
noarch:
munin-common-2.0.6-2.9.amzn1.noarch
munin-async-2.0.6-2.9.amzn1.noarch
munin-2.0.6-2.9.amzn1.noarch
munin-node-2.0.6-2.9.amzn1.noarch
munin-java-plugins-2.0.6-2.9.amzn1.noarch
src:
munin-2.0.6-2.9.amzn1.src
Additional References
Red Hat: CVE-2012-3512
Mitre: CVE-2012-3512
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | noarch | munin-common | < 2.0.6-2.9.amzn1 | munin-common-2.0.6-2.9.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | munin-async | < 2.0.6-2.9.amzn1 | munin-async-2.0.6-2.9.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | munin | < 2.0.6-2.9.amzn1 | munin-2.0.6-2.9.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | munin-node | < 2.0.6-2.9.amzn1 | munin-node-2.0.6-2.9.amzn1.noarch.rpm |
| Amazon Linux | 1 | noarch | munin-java-plugins | < 2.0.6-2.9.amzn1 | munin-java-plugins-2.0.6-2.9.amzn1.noarch.rpm |
Related
fedora
fedora
[SECURITY] Fedora 17 Update: munin-2.0.6-2.fc17
2012-09-26 09:01:55
[SECURITY] Fedora 16 Update: munin-2.0.6-2.fc16
2012-09-26 09:08:36
[SECURITY] Fedora 18 Update: munin-2.0.6-1.fc18
2012-09-17 21:55:54
ubuntucve
ubuntucve
CVE-2012-3512
2012-08-21 00:00:00
openvas
openvas
Fedora Update for munin FEDORA-2012-13649
2012-09-27 00:00:00
Fedora Update for munin FEDORA-2012-13649
2012-09-27 00:00:00
Amazon Linux: Security Advisory (ALAS-2012-130)
2015-09-08 00:00:00
nessus
nessus
Fedora 17 : munin-2.0.6-2.fc17 (2012-13683)
2012-09-27 00:00:00
Fedora 18 : munin-2.0.6-1.fc18 (2012-13110)
2012-09-18 00:00:00
Amazon Linux AMI : munin (ALAS-2012-130)
2013-09-04 00:00:00
cve
cve
CVE-2012-3512
2012-11-21 23:55:00
debiancve
debiancve
CVE-2012-3512
2012-11-21 23:55:00
prion
prion
Design/Logic Flaw
2012-11-21 23:55:00
cvelist
cvelist
CVE-2012-3512
2012-11-21 23:00:00
osv
osv
munin - security update
2014-08-07 00:00:00
ubuntu
ubuntu
Munin vulnerabilities
2012-11-05 00:00:00
debian
debian
[DLA 20-1] munin security update
2014-08-07 14:50:43
gentoo
gentoo
Munin: Multiple vulnerabilities
2014-05-18 00:00:00
securityvulns
securityvulns
[USN-1622-1] Munin vulnerabilities
2012-11-06 00:00:00
Munin security vulnerabilities
2012-11-06 00:00:00