CVE-2012-2103 — Link Following in Munin

Severity

1.2LOWNVD

EPSS

0.0%

top 88.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedAug 26

Latest updateMay 17

Description

The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

AV:L/AC:H/C:N/I:P/A:NExploitability: 1.9 | Impact: 2.9

▶debiandebian/munin< munin 2.0~rc6-1 (bookworm)

GHSA

GHSA-wp9g-5pp9-hxcm: The qmailscan plugin for Munin 1↗2022-05-17

▶

OSV

CVE-2012-2103: The qmailscan plugin for Munin 1↗2012-08-26

▶

Ubuntu

Munin vulnerabilities↗2012-11-05

▶

Debian

CVE-2012-2103: munin - The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary f...↗2012

▶

Bugzilla

CVE-2012-2103 munin: Insecure temp file use in qmailscan plug-in↗2012-04-16

▶