
Bug 625558

Summary: <net-analyzer/munin-2.0.33: file write vulnerability
Product: Gentoo Security
Reporter: Hans de Graaff <graaff>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE
Severity: normal
CC: sysadmin
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6188
Whiteboard: C3 [stable?]
Package list:
Runtime testing required: ---

Description Hans de Graaff gentoo-dev Security 2017-07-18 18:15:56 UTC
Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.

This is also fixed in 2.0.30.1: https://github.com/munin-monitoring/munin/issues/721
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2017-07-18 18:24:22 UTC

*** This bug has been marked as a duplicate of bug 610602 ***
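
A defender-side check for the request pattern named in the description (more than one upper_limit GET parameter), added here as an example and not taken from the bug report or from Munin: it scans web-server access log lines, assumed to be in combined log format, and flags requests that repeat the parameter. The log lines, addresses and graph paths below are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; hosts, paths and values are illustrative only.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jul/2017:18:00:01 +0000] "GET /munin-cgi/munin-cgi-graph/example.org/host/cpu-day.png?upper_limit=100 HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.44 - - [18/Jul/2017:18:00:07 +0000] "GET /munin-cgi/munin-cgi-graph/example.org/host/cpu-day.png?upper_limit=100&upper_limit=200 HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [18/Jul/2017:18:00:09 +0000] "GET /munin-cgi/munin-cgi-graph/example.org/host/if_eth0-week.png?size_x=800&size_y=400 HTTP/1.1" 200 7301 "-" "-"',
    '192.0.2.44 - - [18/Jul/2017:18:00:12 +0000] "GET /munin-cgi/munin-cgi-graph/example.org/host/cpu-day.png?upper%5Flimit=1&lower_limit=0&upper_limit=2 HTTP/1.1" 200 5120 "-" "-"',
]


def repeated_params(url, watched=("upper_limit",)):
    """Return {name: count} for watched query parameters seen more than once.

    parse_qsl percent-decodes names, so an encoded spelling such as
    upper%5Flimit is counted together with the plain one.
    """
    counts = {}
    for name, _value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name in watched:
            counts[name] = counts.get(name, 0) + 1
    return {name: n for name, n in counts.items() if n > 1}


def scan(lines):
    """Return (line_number, request_target, repeats) for each flagged line."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line; skip it
        repeats = repeated_params(match.group(1))
        if repeats:
            hits.append((lineno, match.group(1), repeats))
    return hits


if __name__ == "__main__":
    for lineno, target, repeats in scan(SAMPLE_LOG):
        print(f"line {lineno}: repeated {repeats} in {target}")
```
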