Issue Overview:
Munin before 2.0.6 stores the state files of plugins that run as root in the same group-writable directory as those of non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.
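The condition described above can be checked on a host with a short audit script. This is an added example, not part of the advisory or of Munin; the function names are hypothetical, the state directory is passed as an argument because its path depends on packaging, and `-maxdepth` assumes GNU or BSD find.

```shell
#!/bin/sh
# Added example: report state files owned by a privileged account that sit in
# a directory other local accounts can write to, the layout CVE-2012-3512
# describes. No Munin path is hard-coded; pass the directory to check.

# dir_is_shared_writable DIR
# Succeeds when DIR is group- or world-writable and has no sticky bit, so any
# account with write access may rename or replace entries it does not own.
dir_is_shared_writable() {
    [ -n "$(find "$1" -maxdepth 0 \( -perm -020 -o -perm -002 \) \
            ! -perm -1000 -print)" ]
}

# risky_state_files DIR [UID]
# Prints regular files directly inside DIR that are owned by UID (default 0,
# root) when DIR is shared-writable. Prints nothing when the layout is safe.
# Returns 2 if DIR is not a directory.
risky_state_files() {
    dir=$1
    uid=${2:-0}
    [ -d "$dir" ] || return 2
    dir_is_shared_writable "$dir" || return 0
    find "$dir" -maxdepth 1 -type f -user "$uid" -print
}
```

Any path printed by `risky_state_files <state-dir>` is a root-owned state file that a member of the directory's group could replace; an empty result after the update indicates the shared layout is gone for that directory.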
Affected Packages:
munin
Issue Correction:
Run yum update munin to update your system.
New Packages:
noarch:
munin-common-2.0.6-2.9.amzn1.noarch
munin-async-2.0.6-2.9.amzn1.noarch
munin-2.0.6-2.9.amzn1.noarch
munin-node-2.0.6-2.9.amzn1.noarch
munin-java-plugins-2.0.6-2.9.amzn1.noarch
src:
munin-2.0.6-2.9.amzn1.src
Red Hat: CVE-2012-3512
Mitre: CVE-2012-3512
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | noarch | munin-common | < 2.0.6-2.9.amzn1 | munin-common-2.0.6-2.9.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | munin-async | < 2.0.6-2.9.amzn1 | munin-async-2.0.6-2.9.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | munin | < 2.0.6-2.9.amzn1 | munin-2.0.6-2.9.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | munin-node | < 2.0.6-2.9.amzn1 | munin-node-2.0.6-2.9.amzn1.noarch.rpm |
Amazon Linux | 1 | noarch | munin-java-plugins | < 2.0.6-2.9.amzn1 | munin-java-plugins-2.0.6-2.9.amzn1.noarch.rpm |