The Munin::Master::Node module of munin does not properly validate
certain data a node sends. A malicious node might exploit this to drive
the munin-html process into an infinite loop with memory exhaustion
on the munin master (CVE-2013-6048).

A malicious node, with a plugin enabled using "multigraph" as a
multigraph service name, can abort data collection for the entire
node the plugin runs on (CVE-2013-6359).

If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
{"id": "SECURITYVULNS:DOC:30200", "bulletinFamily": "software", "title": "[ MDVSA-2013:297 ] munin", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2013:297\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : munin\r\n Date : December 20, 2013\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated munin packages fix security vulnerabilities:\r\n \r\n The Munin::Master::Node module of munin does not properly validate\r\n certain data a node sends. A malicious node might exploit this to drive\r\n the munin-html process into an infinite loop with memory exhaustion\r\n on the munin master (CVE-2013-6048).\r\n \r\n A malicious node, with a plugin enabled using multigraph as a\r\n multigraph service name, can abort data collection for the entire\r\n node the plugin runs on (CVE-2013-6359).\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6048\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6359\r\n http://advisories.mageia.org/MGASA-2013-0378.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n b20e89d5a943f0d3deadb324091ab6ef mbs1/x86_64/munin-2.0-0.rc5.3.2.mbs1.noarch.rpm\r\n 4ae6191940301c45b1ce7b32fa625122 mbs1/x86_64/munin-master-2.0-0.rc5.3.2.mbs1.noarch.rpm\r\n 3a02701b006afcd70430c4de7e96c7e8 mbs1/x86_64/munin-node-2.0-0.rc5.3.2.mbs1.noarch.rpm \r\n d07ea1401e5ab3415c2576281ec60aee mbs1/SRPMS/munin-2.0-0.rc5.3.2.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n 
To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFStB67mqjQ0CJFipgRAqvjAJ9ufBj1kR8aWaw3XlBYKR6RaBCDuwCgtKPu\r\neGZL88vNG4OY02tCGXazt58=\r\n=7+/H\r\n-----END PGP SIGNATURE-----\r\n", "published": "2014-01-09T00:00:00", "modified": "2014-01-09T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30200", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:50", "edition": 1, "viewCount": 4, "enchantments": {"score": {"value": 6.2, "vector": "NONE", "modified": "2018-08-31T11:10:50", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-6359", "CVE-2013-6048"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2815-1:76E5D", "DEBIAN:DLA-20-1:FBD14"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310867297", "OPENVAS:892815", "OPENVAS:1361412562310867154", "OPENVAS:867667", "OPENVAS:841695", "OPENVAS:867671", "OPENVAS:1361412562310867667", "OPENVAS:1361412562310120567", "OPENVAS:867297", "OPENVAS:1361412562310867671"]}, {"type": "amazon", "idList": 
["ALAS-2014-348", "ALAS-2014-275"]}, {"type": "nessus", "idList": ["ALA_ALAS-2014-348.NASL", "UBUNTU_USN-2090-1.NASL", "FEDORA_2014-4542.NASL", "FEDORA_2013-22993.NASL", "MANDRIVA_MDVSA-2013-297.NASL", "FEDORA_2013-23016.NASL", "FEDORA_2013-22968.NASL", "ALA_ALAS-2014-275.NASL", "DEBIAN_DSA-2815.NASL", "FEDORA_2014-4462.NASL"]}, {"type": "ubuntu", "idList": ["USN-2090-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13507"]}], "modified": "2018-08-31T11:10:50", "rev": 2}, "vulnersScore": 6.2}, "affectedSoftware": [], "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T06:06:59", "description": "Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses \"multigraph\" as a multigraph service name.", "edition": 6, "cvss3": {}, "published": "2013-12-13T18:55:00", "title": "CVE-2013-6359", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6359"], "modified": "2014-03-06T04:49:00", "cpe": ["cpe:/a:munin-monitoring:munin:2.0.6", "cpe:/a:munin-monitoring:munin:2.0.17", "cpe:/a:munin-monitoring:munin:2.0.14", "cpe:/a:munin-monitoring:munin:2.0.15", "cpe:/a:munin-monitoring:munin:2.0.16", "cpe:/a:munin-monitoring:munin:2.0.9", "cpe:/a:munin-monitoring:munin:2.0.1", "cpe:/a:munin-monitoring:munin:2.0.11.1", "cpe:/a:munin-monitoring:munin:2.0.11", "cpe:/a:munin-monitoring:munin:2.0.12", "cpe:/a:munin-monitoring:munin:2.0.2", "cpe:/a:munin-monitoring:munin:2.0.0", "cpe:/a:munin-monitoring:munin:2.0.13", "cpe:/a:munin-monitoring:munin:2.0.10", "cpe:/a:munin-monitoring:munin:2.0.7", "cpe:/a:munin-monitoring:munin:2.0.3", "cpe:/a:munin-monitoring:munin:2.0.8", "cpe:/a:munin-monitoring:munin:2.0.5", "cpe:/a:munin-monitoring:munin:2.0.4"], "id": "CVE-2013-6359", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6359", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:munin-monitoring:munin:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.14:*:*:*:*:*:*:*", 
"cpe:2.3:a:munin-monitoring:munin:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.7:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:06:59", "description": "The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.", "edition": 6, "cvss3": {}, "published": "2013-12-13T18:55:00", "title": "CVE-2013-6048", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6048"], "modified": "2014-03-06T04:49:00", "cpe": ["cpe:/a:munin-monitoring:munin:2.0.6", 
"cpe:/a:munin-monitoring:munin:2.0.17", "cpe:/a:munin-monitoring:munin:2.0.14", "cpe:/a:munin-monitoring:munin:2.0.15", "cpe:/a:munin-monitoring:munin:2.0.16", "cpe:/a:munin-monitoring:munin:2.0.9", "cpe:/a:munin-monitoring:munin:2.0.1", "cpe:/a:munin-monitoring:munin:2.0.11.1", "cpe:/a:munin-monitoring:munin:2.0.11", "cpe:/a:munin-monitoring:munin:2.0.12", "cpe:/a:munin-monitoring:munin:2.0.2", "cpe:/a:munin-monitoring:munin:2.0.0", "cpe:/a:munin-monitoring:munin:2.0.13", "cpe:/a:munin-monitoring:munin:2.0.10", "cpe:/a:munin-monitoring:munin:2.0.7", "cpe:/a:munin-monitoring:munin:2.0.3", "cpe:/a:munin-monitoring:munin:2.0.8", "cpe:/a:munin-monitoring:munin:2.0.5", "cpe:/a:munin-monitoring:munin:2.0.4"], "id": "CVE-2013-6048", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6048", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:munin-monitoring:munin:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.11.1:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:munin-monitoring:munin:2.0.7:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": 
"2020-07-02T11:39:35", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "Christoph Biedl discovered that Munin incorrectly handled certain \nmultigraph data. A remote attacker could use this issue to cause Munin to \nconsume resources, resulting in a denial of service. (CVE-2013-6048)\n\nChristoph Biedl discovered that Munin incorrectly handled certain \nmultigraph service names. A remote attacker could use this issue to cause \nMunin to stop data collection, resulting in a denial of service. \n(CVE-2013-6359)", "edition": 5, "modified": "2014-01-27T00:00:00", "published": "2014-01-27T00:00:00", "id": "USN-2090-1", "href": "https://ubuntu.com/security/notices/USN-2090-1", "title": "Munin vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2020-08-12T01:07:37", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2815-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nDecember 09, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : munin\nVulnerability : denial of service\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2013-6048 CVE-2013-6359\n\nChristoph Biedl discovered two denial of service vulnerabilities in\nmunin, a network-wide graphing framework. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2013-6048\n\n The Munin::Master::Node module of munin does not properly validate\n certain data a node sends. 
A malicious node might exploit this to\n drive the munin-html process into an infinite loop with memory\n exhaustion on the munin master.\n\nCVE-2013-6359\n\n A malicious node, with a plugin enabled using "multigraph" as a\n multigraph service name, can abort data collection for the entire\n node the plugin runs on.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 2.0.6-4+deb7u2.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 2.0.18-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.0.18-1.\n\nWe recommend that you upgrade your munin packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 7, "modified": "2013-12-09T22:14:37", "published": "2013-12-09T22:14:37", "id": "DEBIAN:DSA-2815-1:76E5D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00229.html", "title": "[SECURITY] [DSA 2815-1] munin security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-11T13:28:27", "bulletinFamily": "unix", "cvelist": ["CVE-2012-3512", "CVE-2013-6048", "CVE-2013-6359"], "description": "Package : munin\nVersion : 1.4.5-3+deb6u1\nCVE ID : CVE-2012-3512 CVE-2013-6048 CVE-2013-6359\n\n[ Christoph Biedl ]\n* munin-node: more secure state file handling, introducing a new plugin\n state directory root, owned by uid 0. Then each plugin runs in its own\n UID plugin state directory, owned by that UID. (Closes: #684075),\n (Closes: #679897), closes CVE-2012-3512.\n* plugins: use runtime $ENV{MUNIN_PLUGSTATE}. 
So all properly written\n plugins will use /var/lib/munin-node/plugin-state/$uid/$some_file now -\n please report plugins that are still using /var/lib/munin/plugin-state/ -\n as those might pose a security risk!\n* Validate multigraph plugin name, CVE-2013-6048.\n* Don't abort data collection for a node due to malicious node, fixing\n munin#1397, CVE-2013-6359.\n", "edition": 7, "modified": "2014-08-07T14:50:43", "published": "2014-08-07T14:50:43", "id": "DEBIAN:DLA-20-1:FBD14", "href": "https://lists.debian.org/debian-lts-announce/2014/debian-lts-announce-201408/msg00004.html", "title": "[DLA 20-1] munin security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:36:41", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "**Issue Overview:**\n\nThe get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.\n\nMunin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses \"multigraph\" as a multigraph service name.\n\n \n**Affected Packages:** \n\n\nmunin\n\n \n**Issue Correction:** \nRun _yum update munin_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n noarch: \n munin-async-2.0.20-1.36.amzn1.noarch \n munin-nginx-2.0.20-1.36.amzn1.noarch \n munin-cgi-2.0.20-1.36.amzn1.noarch \n munin-ruby-plugins-2.0.20-1.36.amzn1.noarch \n munin-2.0.20-1.36.amzn1.noarch \n munin-netip-plugins-2.0.20-1.36.amzn1.noarch \n munin-common-2.0.20-1.36.amzn1.noarch \n munin-node-2.0.20-1.36.amzn1.noarch \n munin-java-plugins-2.0.20-1.36.amzn1.noarch \n \n src: \n munin-2.0.20-1.36.amzn1.src \n \n \n", "edition": 4, "modified": "2014-06-03T15:03:00", "published": "2014-06-03T15:03:00", "id": "ALAS-2014-348", 
"href": "https://alas.aws.amazon.com/ALAS-2014-348.html", "title": "Low: munin", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-11-10T12:35:55", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "**Issue Overview:**\n\nThe get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data. \n\nMunin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses \"multigraph\" as a multigraph service name. \n\n \n**Affected Packages:** \n\n\nmunin\n\n \n**Issue Correction:** \nRun _yum update munin_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n noarch: \n munin-cgi-2.0.19-1.32.amzn1.noarch \n munin-common-2.0.19-1.32.amzn1.noarch \n munin-node-2.0.19-1.32.amzn1.noarch \n munin-nginx-2.0.19-1.32.amzn1.noarch \n munin-netip-plugins-2.0.19-1.32.amzn1.noarch \n munin-2.0.19-1.32.amzn1.noarch \n munin-java-plugins-2.0.19-1.32.amzn1.noarch \n munin-async-2.0.19-1.32.amzn1.noarch \n munin-ruby-plugins-2.0.19-1.32.amzn1.noarch \n \n src: \n munin-2.0.19-1.32.amzn1.src \n \n \n", "edition": 4, "modified": "2014-01-14T15:57:00", "published": "2014-01-14T15:57:00", "id": "ALAS-2014-275", "href": "https://alas.aws.amazon.com/ALAS-2014-275.html", "title": "Medium: munin", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "Munin is a highly flexible and powerful solution used to create graphs of virtually everything imaginable throughout your network, while still maintaining a rattling ease of installation and configuration. This package contains the grapher/gatherer. 
You will only need one instance of it in your network. It will periodically poll all the nodes in your network it's aware of for data, which it in turn will use to create graphs and HTML pages, suitable for viewing with your graphical web browser of choice. Munin is written in Perl, and relies heavily on Tobi Oetiker's excellent RRDtool. Creaete a munin web user after installing: htpasswd -bc /etc/munin/munin-htpasswd MUNIN_WEB_USER PASSWORD ", "modified": "2013-12-16T07:08:23", "published": "2013-12-16T07:08:23", "id": "FEDORA:BDF72230B5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: munin-2.0.19-1.fc20", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "Munin is a highly flexible and powerful solution used to create graphs of virtually everything imaginable throughout your network, while still maintaining a rattling ease of installation and configuration. This package contains the grapher/gatherer. You will only need one instance of it in your network. It will periodically poll all the nodes in your network it's aware of for data, which it in turn will use to create graphs and HTML pages, suitable for viewing with your graphical web browser of choice. Munin is written in Perl, and relies heavily on Tobi Oetiker's excellent RRDtool. 
Creaete a munin web user after installing: htpasswd -bc /etc/munin/munin-htpasswd MUNIN_WEB_USER PASSWORD ", "modified": "2014-04-07T03:26:57", "published": "2014-04-07T03:26:57", "id": "FEDORA:D737421A25", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: munin-2.0.20-1.fc19", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "Munin is a highly flexible and powerful solution used to create graphs of virtually everything imaginable throughout your network, while still maintaining a rattling ease of installation and configuration. This package contains the grapher/gatherer. You will only need one instance of it in your network. It will periodically poll all the nodes in your network it's aware of for data, which it in turn will use to create graphs and HTML pages, suitable for viewing with your graphical web browser of choice. Munin is written in Perl, and relies heavily on Tobi Oetiker's excellent RRDtool. Creaete a munin web user after installing: htpasswd -bc /etc/munin/munin-htpasswd MUNIN_WEB_USER PASSWORD ", "modified": "2013-12-16T23:02:04", "published": "2013-12-16T23:02:04", "id": "FEDORA:EAE2422C49", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: munin-2.0.19-1.fc19", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "Munin is a highly flexible and powerful solution used to create graphs of virtually everything imaginable throughout your network, while still maintaining a rattling ease of installation and configuration. This package contains the grapher/gatherer. You will only need one instance of it in your network. 
It will periodically poll all the nodes in your network it's aware of for data, which it in turn will use to create graphs and HTML pages, suitable for viewing with your graphical web browser of choice. Munin is written in Perl, and relies heavily on Tobi Oetiker's excellent RRDtool. Creaete a munin web user after installing: htpasswd -bc /etc/munin/munin-htpasswd MUNIN_WEB_USER PASSWORD ", "modified": "2014-04-07T03:26:28", "published": "2014-04-07T03:26:28", "id": "FEDORA:985A3218EB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: munin-2.0.20-1.fc20", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "Munin is a highly flexible and powerful solution used to create graphs of virtually everything imaginable throughout your network, while still maintaining a rattling ease of installation and configuration. This package contains the grapher/gatherer. You will only need one instance of it in your network. It will periodically poll all the nodes in your network it's aware of for data, which it in turn will use to create graphs and HTML pages, suitable for viewing with your graphical web browser of choice. Munin is written in Perl, and relies heavily on Tobi Oetiker's excellent RRDtool. Creaete a munin web user after installing: htpasswd -bc /etc/munin/munin-htpasswd MUNIN_WEB_USER PASSWORD ", "modified": "2013-12-16T23:03:46", "published": "2013-12-16T23:03:46", "id": "FEDORA:08F9622CC4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: munin-2.0.19-1.fc18", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:11:33", "description": "Upstream update to 2.0.19, fixes CVE-2013-6359\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-12-17T00:00:00", "title": "Fedora 18 : munin-2.0.19-1.fc18 (2013-22993)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "modified": "2013-12-17T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:munin"], "id": "FEDORA_2013-22993.NASL", "href": "https://www.tenable.com/plugins/nessus/71483", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22993.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71483);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-6048\", \"CVE-2013-6359\");\n script_xref(name:\"FEDORA\", value:\"2013-22993\");\n\n script_name(english:\"Fedora 18 : munin-2.0.19-1.fc18 (2013-22993)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream update to 2.0.19, fixes CVE-2013-6359\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1037888\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124186.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?78a83075\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected munin package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:munin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"munin-2.0.19-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"munin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:11:33", "description": "Upstream update to 2.0.19, fixes CVE-2013-6359\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-12-17T00:00:00", "title": "Fedora 19 : munin-2.0.19-1.fc19 (2013-23016)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "modified": "2013-12-17T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:munin"], "id": "FEDORA_2013-23016.NASL", "href": "https://www.tenable.com/plugins/nessus/71484", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-23016.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71484);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-6048\", \"CVE-2013-6359\");\n script_xref(name:\"FEDORA\", value:\"2013-23016\");\n\n script_name(english:\"Fedora 19 : munin-2.0.19-1.fc19 (2013-23016)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream update to 2.0.19, fixes CVE-2013-6359\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1037888\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124182.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ffa88bf3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected munin package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:munin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"munin-2.0.19-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"munin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-04-01T01:23:06", "description": "The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin\nbefore 2.0.18 allows remote nodes to cause a denial of service\n(infinite loop and memory consumption in the munin-html process) via\ncrafted multigraph data.\n\nMunin::Master::Node in Munin before 2.0.18 allows remote attackers to\ncause a denial of service (abort data collection for node) via a\nplugin that uses 'multigraph' as a multigraph service name.", "edition": 27, "published": "2014-02-05T00:00:00", "title": "Amazon Linux AMI : munin (ALAS-2014-275)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:munin-node", "p-cpe:/a:amazon:linux:munin-netip-plugins", "p-cpe:/a:amazon:linux:munin", "p-cpe:/a:amazon:linux:munin-java-plugins", "p-cpe:/a:amazon:linux:munin-nginx", "p-cpe:/a:amazon:linux:munin-cgi", "p-cpe:/a:amazon:linux:munin-ruby-plugins", "p-cpe:/a:amazon:linux:munin-async", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:munin-common"], "id": "ALA_ALAS-2014-275.NASL", "href": 
"https://www.tenable.com/plugins/nessus/72293", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-275.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(72293);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-6048\", \"CVE-2013-6359\");\n script_xref(name:\"ALAS\", value:\"2014-275\");\n\n script_name(english:\"Amazon Linux AMI : munin (ALAS-2014-275)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin\nbefore 2.0.18 allows remote nodes to cause a denial of service\n(infinite loop and memory consumption in the munin-html process) via\ncrafted multigraph data.\n\nMunin::Master::Node in Munin before 2.0.18 allows remote attackers to\ncause a denial of service (abort data collection for node) via a\nplugin that uses 'multigraph' as a multigraph service name.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-275.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update munin' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:munin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:munin-async\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:munin-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:munin-common\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:munin-java-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:munin-netip-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:munin-nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:munin-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:munin-ruby-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/02/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"munin-2.0.19-1.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"munin-async-2.0.19-1.32.amzn1\")) flag++;\nif 
(rpm_check(release:\"ALA\", reference:\"munin-cgi-2.0.19-1.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"munin-common-2.0.19-1.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"munin-java-plugins-2.0.19-1.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"munin-netip-plugins-2.0.19-1.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"munin-nginx-2.0.19-1.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"munin-node-2.0.19-1.32.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"munin-ruby-plugins-2.0.19-1.32.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"munin / munin-async / munin-cgi / munin-common / munin-java-plugins / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-04-01T01:23:15", "description": "The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin\nbefore 2.0.18 allows remote nodes to cause a denial of service\n(infinite loop and memory consumption in the munin-html process) via\ncrafted multigraph data.\n\nMunin::Master::Node in Munin before 2.0.18 allows remote attackers to\ncause a denial of service (abort data collection for node) via a\nplugin that uses 'multigraph' as a multigraph service name.", "edition": 27, "published": "2014-10-12T00:00:00", "title": "Amazon Linux AMI : munin (ALAS-2014-348)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:munin-node", "p-cpe:/a:amazon:linux:munin-netip-plugins", "p-cpe:/a:amazon:linux:munin", "p-cpe:/a:amazon:linux:munin-java-plugins", "p-cpe:/a:amazon:linux:munin-nginx", "p-cpe:/a:amazon:linux:munin-cgi", 
"p-cpe:/a:amazon:linux:munin-ruby-plugins", "p-cpe:/a:amazon:linux:munin-async", "cpe:/o:amazon:linux", "p-cpe:/a:amazon:linux:munin-common"], "id": "ALA_ALAS-2014-348.NASL", "href": "https://www.tenable.com/plugins/nessus/78291", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-348.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78291);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-6048\", \"CVE-2013-6359\");\n script_xref(name:\"ALAS\", value:\"2014-348\");\n\n script_name(english:\"Amazon Linux AMI : munin (ALAS-2014-348)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin\nbefore 2.0.18 allows remote nodes to cause a denial of service\n(infinite loop and memory consumption in the munin-html process) via\ncrafted multigraph data.\n\nMunin::Master::Node in Munin before 2.0.18 allows remote attackers to\ncause a denial of service (abort data collection for node) via a\nplugin that uses 'multigraph' as a multigraph service name.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-348.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update munin' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:munin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:munin-async\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:munin-cgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:munin-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:munin-java-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:munin-netip-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:munin-nginx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:munin-node\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:munin-ruby-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 
0;\nif (rpm_check(release:\"ALA\", reference:\"munin-2.0.20-1.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"munin-async-2.0.20-1.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"munin-cgi-2.0.20-1.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"munin-common-2.0.20-1.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"munin-java-plugins-2.0.20-1.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"munin-netip-plugins-2.0.20-1.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"munin-nginx-2.0.20-1.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"munin-node-2.0.20-1.36.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"munin-ruby-plugins-2.0.20-1.36.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"munin / munin-async / munin-cgi / munin-common / munin-java-plugins / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:11:33", "description": "Upstream update to 2.0.19, fixes CVE-2013-6359\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2013-12-16T00:00:00", "title": "Fedora 20 : munin-2.0.19-1.fc20 (2013-22968)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "modified": "2013-12-16T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:munin"], "id": "FEDORA_2013-22968.NASL", "href": "https://www.tenable.com/plugins/nessus/71446", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-22968.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71446);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-6048\", \"CVE-2013-6359\");\n script_xref(name:\"FEDORA\", value:\"2013-22968\");\n\n script_name(english:\"Fedora 20 : munin-2.0.19-1.fc20 (2013-22968)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream update to 2.0.19, fixes CVE-2013-6359\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1037888\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124146.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65b31227\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected munin package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:munin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"munin-2.0.19-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"munin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:12:38", "description": "Upstream released 2.0.20\n\n - BZ# 1082162: munin-asyncd doesn't get added to chkconfig\n minor bugfix release :\n\n - BZ# 1081254: Start asyncd after node\n\n - BZ# 1028075: munin-node doesn't get added to chkconfig\n Upstream update to 2.0.18, fixes CVE-2013-6359\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-04-07T00:00:00", "title": "Fedora 20 : munin-2.0.20-1.fc20 (2014-4542)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "modified": "2014-04-07T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:20", "p-cpe:/a:fedoraproject:fedora:munin"], "id": "FEDORA_2014-4542.NASL", "href": "https://www.tenable.com/plugins/nessus/73365", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-4542.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73365);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-6048\", \"CVE-2013-6359\");\n script_bugtraq_id(64188, 64189);\n script_xref(name:\"FEDORA\", value:\"2014-4542\");\n\n script_name(english:\"Fedora 20 : munin-2.0.20-1.fc20 (2014-4542)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream released 2.0.20\n\n - BZ# 1082162: munin-asyncd doesn't get added to chkconfig\n minor bugfix release :\n\n - BZ# 1081254: Start asyncd after node\n\n - BZ# 1028075: munin-node doesn't get added to chkconfig\n Upstream update to 2.0.18, fixes CVE-2013-6359\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1037888\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131203.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?53c8e0e3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected munin package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:munin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release 
([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"munin-2.0.20-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"munin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T09:48:16", "description": "Christoph Biedl discovered two denial of service vulnerabilities in\nmunin, a network-wide graphing framework. The Common Vulnerabilities\nand Exposures project identifies the following problems :\n\n - CVE-2013-6048\n The Munin::Master::Node module of munin does not\n properly validate certain data a node sends. 
A malicious\n node might exploit this to drive the munin-html process\n into an infinite loop with memory exhaustion on the\n munin master.\n\n - CVE-2013-6359\n A malicious node, with a plugin enabled using\n 'multigraph' as a multigraph service name, can abort\n data collection for the entire node the plugin runs on.", "edition": 17, "published": "2013-12-10T00:00:00", "title": "Debian DSA-2815-1 : munin - denial of service", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "modified": "2013-12-10T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:munin", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-2815.NASL", "href": "https://www.tenable.com/plugins/nessus/71278", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2815. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71278);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-6048\", \"CVE-2013-6359\");\n script_xref(name:\"DSA\", value:\"2815\");\n\n script_name(english:\"Debian DSA-2815-1 : munin - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Christoph Biedl discovered two denial of service vulnerabilities in\nmunin, a network-wide graphing framework. The Common Vulnerabilities\nand Exposures project identifies the following problems :\n\n - CVE-2013-6048\n The Munin::Master::Node module of munin does not\n properly validate certain data a node sends. 
A malicious\n node might exploit this to drive the munin-html process\n into an infinite loop with memory exhaustion on the\n munin master.\n\n - CVE-2013-6359\n A malicious node, with a plugin enabled using\n 'multigraph' as a multigraph service name, can abort\n data collection for the entire node the plugin runs on.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2013-6359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/munin\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2815\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the munin packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 2.0.6-4+deb7u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:munin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"munin\", reference:\"2.0.6-4+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"munin-async\", reference:\"2.0.6-4+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"munin-common\", reference:\"2.0.6-4+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"munin-doc\", reference:\"2.0.6-4+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"munin-node\", reference:\"2.0.6-4+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"munin-plugins-core\", reference:\"2.0.6-4+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"munin-plugins-extra\", reference:\"2.0.6-4+deb7u2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"munin-plugins-java\", reference:\"2.0.6-4+deb7u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T11:54:26", "description": "Updated munin packages fix security vulnerabilities :\n\nThe Munin::Master::Node module of munin does not properly validate\ncertain data a node sends. 
A malicious node might exploit this to\ndrive the munin-html process into an infinite loop with memory\nexhaustion on the munin master (CVE-2013-6048).\n\nA malicious node, with a plugin enabled using multigraph as a\nmultigraph service name, can abort data collection for the entire node\nthe plugin runs on (CVE-2013-6359).", "edition": 24, "published": "2013-12-23T00:00:00", "title": "Mandriva Linux Security Advisory : munin (MDVSA-2013:297)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "modified": "2013-12-23T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:munin", "p-cpe:/a:mandriva:linux:munin-master", "p-cpe:/a:mandriva:linux:munin-node"], "id": "MANDRIVA_MDVSA-2013-297.NASL", "href": "https://www.tenable.com/plugins/nessus/71605", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:297. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71605);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-6048\", \"CVE-2013-6359\");\n script_bugtraq_id(64188, 64189);\n script_xref(name:\"MDVSA\", value:\"2013:297\");\n\n script_name(english:\"Mandriva Linux Security Advisory : munin (MDVSA-2013:297)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated munin packages fix security vulnerabilities :\n\nThe Munin::Master::Node module of munin does not properly validate\ncertain data a node sends. 
A malicious node might exploit this to\ndrive the munin-html process into an infinite loop with memory\nexhaustion on the munin master (CVE-2013-6048).\n\nA malicious node, with a plugin enabled using multigraph as a\nmultigraph service name, can abort data collection for the entire node\nthe plugin runs on (CVE-2013-6359).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2013-0378.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected munin, munin-master and / or munin-node packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:munin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:munin-master\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:munin-node\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/12/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif 
(!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandrake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"munin-2.0-0.rc5.3.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"munin-master-2.0-0.rc5.3.2.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"munin-node-2.0-0.rc5.3.2.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-20T15:26:24", "description": "Christoph Biedl discovered that Munin incorrectly handled certain\nmultigraph data. A remote attacker could use this issue to cause Munin\nto consume resources, resulting in a denial of service.\n(CVE-2013-6048)\n\nChristoph Biedl discovered that Munin incorrectly handled certain\nmultigraph service names. A remote attacker could use this issue to\ncause Munin to stop data collection, resulting in a denial of service.\n(CVE-2013-6359).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-01-28T00:00:00", "title": "Ubuntu 12.04 LTS / 12.10 / 13.10 : munin vulnerabilities (USN-2090-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "modified": "2014-01-28T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:canonical:ubuntu_linux:12.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:munin"], "id": "UBUNTU_USN-2090-1.NASL", "href": "https://www.tenable.com/plugins/nessus/72164", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2090-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72164);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2013-6048\", \"CVE-2013-6359\");\n script_bugtraq_id(64188, 64189);\n script_xref(name:\"USN\", value:\"2090-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 12.10 / 13.10 : munin vulnerabilities (USN-2090-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Christoph Biedl discovered that Munin incorrectly handled certain\nmultigraph data. 
A remote attacker could use this issue to cause Munin\nto consume resources, resulting in a denial of service.\n(CVE-2013-6048)\n\nChristoph Biedl discovered that Munin incorrectly handled certain\nmultigraph service names. A remote attacker could use this issue to\ncause Munin to stop data collection, resulting in a denial of service.\n(CVE-2013-6359).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2090-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected munin package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:munin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/01/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 
2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|12\\.10|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 12.10 / 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"munin\", pkgver:\"1.4.6-3ubuntu3.4\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"munin\", pkgver:\"2.0.2-1ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"munin\", pkgver:\"2.0.17-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"munin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-12T10:12:38", "description": "Upstream released 2.0.20\n\n - BZ# 1082162: munin-asyncd doesn't get added to chkconfig\n minor bugfix release :\n\n - BZ# 1081254: Start asyncd after node\n\n - BZ# 1028075: munin-node doesn't get added to chkconfig\n Upstream 
update to 2.0.18, fixes CVE-2013-6359\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-04-07T00:00:00", "title": "Fedora 19 : munin-2.0.20-1.fc19 (2014-4462)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "modified": "2014-04-07T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:munin"], "id": "FEDORA_2014-4462.NASL", "href": "https://www.tenable.com/plugins/nessus/73363", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-4462.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73363);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-6048\", \"CVE-2013-6359\");\n script_bugtraq_id(64188, 64189);\n script_xref(name:\"FEDORA\", value:\"2014-4462\");\n\n script_name(english:\"Fedora 19 : munin-2.0.20-1.fc19 (2014-4462)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Upstream released 2.0.20\n\n - BZ# 1082162: munin-asyncd doesn't get added to chkconfig\n minor bugfix release :\n\n - BZ# 1081254: Start asyncd after node\n\n - BZ# 1028075: munin-node doesn't get added to chkconfig\n Upstream update to 2.0.18, fixes CVE-2013-6359\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1037888\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131204.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cf4a206f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected munin package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:munin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release 
([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"munin-2.0.20-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"munin\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2018-01-24T11:09:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "Check for the Version of munin", "modified": "2018-01-24T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:867154", "href": "http://plugins.openvas.org/nasl.php?oid=867154", "type": "openvas", "title": "Fedora Update for munin FEDORA-2013-23016", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for munin FEDORA-2013-23016\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty 
of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867154);\n script_version(\"$Revision: 8509 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 07:57:46 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:48:20 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-6359\", \"CVE-2013-6048\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for munin FEDORA-2013-23016\");\n\n tag_insight = \"Munin is a highly flexible and powerful solution used to create graphs\nof virtually everything imaginable throughout your network, while still\nmaintaining a rattling ease of installation and configuration.\n\nThis package contains the grapher/gatherer. You will only need one instance of\nit in your network. 
It will periodically poll all the nodes in your network\nit's aware of for data, which it in turn will use to create graphs and HTML\npages, suitable for viewing with your graphical web browser of choice.\n\nMunin is written in Perl, and relies heavily on Tobi Oetiker's excellent\nRRDtool.\n\nCreaete a munin web user after installing:\nhtpasswd -bc /etc/munin/munin-htpasswd MUNIN_WEB_USER PASSWORD\n\";\n\n tag_affected = \"munin on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-23016\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124182.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of munin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"munin\", rpm:\"munin~2.0.19~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "The remote host is missing an update for the ", "modified": 
"2019-03-15T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:1361412562310867154", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867154", "type": "openvas", "title": "Fedora Update for munin FEDORA-2013-23016", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for munin FEDORA-2013-23016\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867154\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:48:20 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-6359\", \"CVE-2013-6048\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for munin FEDORA-2013-23016\");\n\n\n script_tag(name:\"affected\", value:\"munin on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated 
package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-23016\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124182.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'munin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"munin\", rpm:\"munin~2.0.19~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-04-08T00:00:00", "id": "OPENVAS:1361412562310867671", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867671", "type": "openvas", "title": "Fedora Update for munin FEDORA-2014-4542", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for munin FEDORA-2014-4542\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or 
modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867671\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 11:18:23 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2013-6359\", \"CVE-2013-6048\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for munin FEDORA-2014-4542\");\n script_tag(name:\"affected\", value:\"munin on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-4542\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131203.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'munin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"munin\", rpm:\"munin~2.0.20~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-02-05T00:00:00", "id": "OPENVAS:1361412562310867297", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867297", "type": "openvas", "title": "Fedora Update for munin FEDORA-2013-22968", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for munin FEDORA-2013-22968\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867297\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-05 10:24:35 +0530 (Wed, 05 Feb 2014)\");\n script_cve_id(\"CVE-2013-6359\", \"CVE-2013-6048\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for munin FEDORA-2013-22968\");\n script_tag(name:\"affected\", value:\"munin on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-22968\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124146.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'munin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"munin\", rpm:\"munin~2.0.19~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-04-08T00:00:00", "id": "OPENVAS:1361412562310867667", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867667", "type": "openvas", "title": "Fedora Update for munin FEDORA-2014-4462", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for munin FEDORA-2014-4462\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867667\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 11:15:06 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2013-6359\", \"CVE-2013-6048\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for munin FEDORA-2014-4462\");\n script_tag(name:\"affected\", value:\"munin on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-4462\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131204.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'munin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"munin\", rpm:\"munin~2.0.20~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:48:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "Check for the Version of munin", "modified": "2017-07-10T00:00:00", "published": "2014-04-08T00:00:00", "id": "OPENVAS:867667", "href": "http://plugins.openvas.org/nasl.php?oid=867667", "type": "openvas", "title": "Fedora Update for munin FEDORA-2014-4462", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for munin FEDORA-2014-4462\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867667);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-04-08 11:15:06 +0530 (Tue, 08 Apr 2014)\");\n script_cve_id(\"CVE-2013-6359\", \"CVE-2013-6048\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for munin FEDORA-2014-4462\");\n\n tag_insight = \"Munin is a highly flexible and powerful solution used to create graphs\nof virtually everything imaginable throughout your network, while still\nmaintaining a rattling ease of installation and configuration.\n\nThis package contains the grapher/gatherer. You will only need one instance of\nit in your network. 
It will periodically poll all the nodes in your network\nit's aware of for data, which it in turn will use to create graphs and HTML\npages, suitable for viewing with your graphical web browser of choice.\n\nMunin is written in Perl, and relies heavily on Tobi Oetiker's excellent\nRRDtool.\n\nCreaete a munin web user after installing:\nhtpasswd -bc /etc/munin/munin-htpasswd MUNIN_WEB_USER PASSWORD\n\";\n\n tag_affected = \"munin on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-4462\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131204.html\");\n script_summary(\"Check for the Version of munin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"munin\", rpm:\"munin~2.0.20~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "Christoph Biedl discovered two denial of service vulnerabilities in\nmunin, a 
network-wide graphing framework. The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2013-6048\nThe Munin::Master::Node module of munin does not properly validate\ncertain data a node sends. A malicious node might exploit this to\ndrive the munin-html process into an infinite loop with memory\nexhaustion on the munin master.\n\nCVE-2013-6359\nA malicious node, with a plugin enabled using multigraph\nas a\nmultigraph service name, can abort data collection for the entire\nnode the plugin runs on.", "modified": "2019-03-18T00:00:00", "published": "2013-12-09T00:00:00", "id": "OPENVAS:1361412562310892815", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892815", "type": "openvas", "title": "Debian Security Advisory DSA 2815-1 (munin - denial of service)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2815.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2815-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892815\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2013-6359\", \"CVE-2013-6048\");\n script_name(\"Debian Security Advisory DSA 2815-1 (munin - denial of service)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-09 00:00:00 +0100 (Mon, 09 Dec 2013)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2815.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"munin on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 2.0.6-4+deb7u2.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 2.0.18-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 2.0.18-1.\n\nWe recommend that you upgrade your munin packages.\");\n script_tag(name:\"summary\", value:\"Christoph Biedl discovered two denial of service vulnerabilities in\nmunin, a network-wide graphing framework. 
The Common Vulnerabilities and\nExposures project identifies the following problems:\n\nCVE-2013-6048\nThe Munin::Master::Node module of munin does not properly validate\ncertain data a node sends. A malicious node might exploit this to\ndrive the munin-html process into an infinite loop with memory\nexhaustion on the munin master.\n\nCVE-2013-6359A malicious node, with a plugin enabled using multigraph\nas a\nmultigraph service name, can abort data collection for the entire\nnode the plugin runs on.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"munin\", ver:\"2.0.6-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"munin-async\", ver:\"2.0.6-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"munin-common\", ver:\"2.0.6-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"munin-doc\", ver:\"2.0.6-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"munin-node\", ver:\"2.0.6-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"munin-plugins-core\", ver:\"2.0.6-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"munin-plugins-extra\", ver:\"2.0.6-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"munin-plugins-java\", ver:\"2.0.6-4+deb7u2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-17T23:01:01", "bulletinFamily": 
"scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120467", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120467", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-348)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120467\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:27:04 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-348)\");\n script_tag(name:\"insight\", value:\"The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses multigraph as a multigraph service name.\");\n script_tag(name:\"solution\", value:\"Run yum update munin to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-348.html\");\n script_cve_id(\"CVE-2013-6048\", \"CVE-2013-6359\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"munin-async\", rpm:\"munin-async~2.0.20~1.36.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"munin-nginx\", rpm:\"munin-nginx~2.0.20~1.36.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"munin-cgi\", rpm:\"munin-cgi~2.0.20~1.36.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"munin-ruby-plugins\", rpm:\"munin-ruby-plugins~2.0.20~1.36.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"munin\", rpm:\"munin~2.0.20~1.36.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"munin-netip-plugins\", rpm:\"munin-netip-plugins~2.0.20~1.36.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"munin-common\", rpm:\"munin-common~2.0.20~1.36.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"munin-node\", rpm:\"munin-node~2.0.20~1.36.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"munin-java-plugins\", rpm:\"munin-java-plugins~2.0.20~1.36.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"munin\", rpm:\"munin~2.0.20~1.36.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:37:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-12-17T00:00:00", "id": 
"OPENVAS:1361412562310867143", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867143", "type": "openvas", "title": "Fedora Update for munin FEDORA-2013-22993", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for munin FEDORA-2013-22993\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867143\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:47:35 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-6359\", \"CVE-2013-6048\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for munin FEDORA-2013-22993\");\n\n\n script_tag(name:\"affected\", value:\"munin on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-22993\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124186.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'munin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"munin\", rpm:\"munin~2.0.19~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2017-07-25T10:48:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6048", "CVE-2013-6359"], "description": "Check for the Version of munin", "modified": "2017-07-10T00:00:00", "published": "2014-02-05T00:00:00", "id": "OPENVAS:867297", "href": "http://plugins.openvas.org/nasl.php?oid=867297", "type": "openvas", "title": "Fedora Update for munin FEDORA-2013-22968", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for munin FEDORA-2013-22968\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as 
published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867297);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-02-05 10:24:35 +0530 (Wed, 05 Feb 2014)\");\n script_cve_id(\"CVE-2013-6359\", \"CVE-2013-6048\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Fedora Update for munin FEDORA-2013-22968\");\n\n tag_insight = \"Munin is a highly flexible and powerful solution used to create graphs\nof virtually everything imaginable throughout your network, while still\nmaintaining a rattling ease of installation and configuration.\n\nThis package contains the grapher/gatherer. You will only need one instance of\nit in your network. 
It will periodically poll all the nodes in your network\nit's aware of for data, which it in turn will use to create graphs and HTML\npages, suitable for viewing with your graphical web browser of choice.\n\nMunin is written in Perl, and relies heavily on Tobi Oetiker's excellent\nRRDtool.\n\nCreaete a munin web user after installing:\nhtpasswd -bc /etc/munin/munin-htpasswd MUNIN_WEB_USER PASSWORD\n\";\n\n tag_affected = \"munin on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22968\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124146.html\");\n script_summary(\"Check for the Version of munin\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"munin\", rpm:\"munin~2.0.19~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2013-7080", "CVE-2013-6397", "CVE-2013-7034", "CVE-2013-4567", "CVE-2013-7033", "CVE-2013-2764", 
"CVE-2013-6993", "CVE-2013-7073", "CVE-2013-6403", "CVE-2013-6878", "CVE-2013-7032", "CVE-2013-7074", "CVE-2013-5573", "CVE-2013-7079", "CVE-2013-6991", "CVE-2013-7081", "CVE-2013-6839", "CVE-2013-7138", "CVE-2013-7078", "CVE-2013-7075", "CVE-2013-2628", "CVE-2013-6880", "CVE-2013-2627", "CVE-2013-6992", "CVE-2013-6788", "CVE-2013-4568", "CVE-2013-7003", "CVE-2013-6048", "CVE-2013-7139", "CVE-2013-2629", "CVE-2013-6359", "CVE-2013-7076", "CVE-2013-6879", "CVE-2013-6408", "CVE-2013-7097", "CVE-2013-7149", "CVE-2013-6407", "CVE-2013-7137", "CVE-2013-4572"], "description": "PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.", "edition": 1, "modified": "2014-01-09T00:00:00", "published": "2014-01-09T00:00:00", "id": "SECURITYVULNS:VULN:13507", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13507", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}