GoogleOSV:DSA-2815-1munin - denial of service
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.007 Low
EPSS
Percentile
77.5%
Christoph Biedl discovered two denial of service vulnerabilities in
munin, a network-wide graphing framework. The Common Vulnerabilities and
Exposures project identifies the following problems:
- CVE-2013-6048
The Munin::Master::Node module of munin does not properly validate
certain data a node sends. A malicious node might exploit this to
drive the munin-html process into an infinite loop with memory
exhaustion on the munin master. - CVE-2013-6359
A malicious node, with a plugin enabled using multigraph as a
multigraph service name, can abort data collection for the entire
node the plugin runs on.
For the stable distribution (wheezy), these problems have been fixed in
version 2.0.6-4+deb7u2.
For the testing distribution (jessie), these problems have been fixed in
version 2.0.18-1.
For the unstable distribution (sid), these problems have been fixed in
version 2.0.18-1.
We recommend that you upgrade your munin packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| munin | eq | 2.0.6-4 | |
| munin | eq | 2.0.6-4+deb7u1 | |
| munin | eq | 2.0.6-4+deb7u1~bpo60+1 | |
| munin | eq | 2.0.6-4+deb7u2~bpo60+1 |
References
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.007 Low
EPSS
Percentile
77.5%