CVE-2012-3512

2012-08-2100:00:00

ubuntu.com

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

Munin before 2.0.6 stores plugin state files that run as root in the same
group-writable directory as non-root plugins, which allows local users to
execute arbitrary code by replacing a state file, as demonstrated using the
smart_ plugin.

Bugs

Notes

Author	Note
sbeattie	munin user/group to root escalation

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchmunin< 1.4.4-1ubuntu1.2UNKNOWN
ubuntu11.10noarchmunin< 1.4.5-3ubuntu4.11.10.2UNKNOWN
ubuntu12.04noarchmunin< 1.4.6-3ubuntu3.3UNKNOWN
ubuntu12.10noarchmunin< 2.0.2-1ubuntu2.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	munin	< 1.4.4-1ubuntu1.2	UNKNOWN
ubuntu	11.10	noarch	munin	< 1.4.5-3ubuntu4.11.10.2	UNKNOWN
ubuntu	12.04	noarch	munin	< 1.4.6-3ubuntu3.3	UNKNOWN
ubuntu	12.10	noarch	munin	< 2.0.2-1ubuntu2.2	UNKNOWN