CVE-2012-3512
published 2012-11-21CVE-2012-3512: Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute…
PriorityP432high7.2CVSS 2.0
AVLACLAuNCCICAC
EPSS
0.59%
43.8th percentile
Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | munin | < munin 2.0.6-1 (bookworm) | munin 2.0.6-1 (bookworm) |
| munin-monitoring | munin | <= 2.0.5 | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | >= 0 < 2.0.6-1 | 2.0.6-1 |
| munin-monitoring | munin | >= 0 < 2.0.6-1 | 2.0.6-1 |
| munin-monitoring | munin | >= 0 < 2.0.6-1 | 2.0.6-1 |
| munin-monitoring | munin | >= 0 < 2.0.6-1 | 2.0.6-1 |
CVSS provenance
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH
vendor_debian7.2HIGH
vendor_ubuntu1.2LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-g93j-j4g4-hr9q: Munin before 2
ghsa_unreviewed·2022-05-17
CVE-2012-3512 [HIGH] GHSA-g93j-j4g4-hr9q: Munin before 2
Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.
OSV
CVE-2012-3512: Munin before 2
osv·2012-11-21·CVSS 7.2
CVE-2012-3512 [HIGH] CVE-2012-3512: Munin before 2
Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.
Ubuntu
Munin vulnerabilities
vendor_ubuntu·2012-11-05·CVSS 1.2
CVE-2012-2103 [LOW] Munin vulnerabilities
Title: Munin vulnerabilities
Summary: Several security issues were fixed in Munin.
It was discovered that the Munin qmailscan plugin incorrectly handled
temporary files. A local attacker could use this issue to possibly
overwrite arbitrary files. This issue only affected Ubuntu 10.04 LTS,
Ubuntu 11.10, and Ubuntu 12.04 LTS. (CVE-2012-2103)
It was discovered that Munin incorrectly handled plugin state file
permissions. An attacker obtaining privileges of the munin user could use
this issue to escalate privileges to root. (CVE-2012-3512)
It was discovered that Munin incorrectly handled specifying an alternate
configuration file. A remote attacker could possibly use this issue to
execute arbitrary code with the privileges of the web server. This issue
only affected Ubuntu 12.10. (CVE-2012
Debian
CVE-2012-3512: munin - Munin before 2.0.6 stores plugin state files that run as root in the same group-...
vendor_debian·2012·CVSS 7.2
CVE-2012-3512 [HIGH] CVE-2012-3512: munin - Munin before 2.0.6 stores plugin state files that run as root in the same group-...
Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.
Scope: local
bookworm: resolved (fixed in 2.0.6-1)
bullseye: resolved (fixed in 2.0.6-1)
forky: resolved (fixed in 2.0.6-1)
sid: resolved (fixed in 2.0.6-1)
trixie: resolved (fixed in 2.0.6-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-3512 munin: insecure state file handling, munin->root privilege [fedora-all]
bugzilla·2012-08-21·CVSS 7.2
CVE-2012-3512 [HIGH] CVE-2012-3512 munin: insecure state file handling, munin->root privilege [fedora-all]
CVE-2012-3512 munin: insecure state file handling, munin->root privilege [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type
Bugzilla
CVE-2012-3512 munin: insecure state file handling, munin->root privilege [epel-all]
bugzilla·2012-08-21·CVSS 7.2
CVE-2012-3512 [HIGH] CVE-2012-3512 munin: insecure state file handling, munin->root privilege [epel-all]
CVE-2012-3512 munin: insecure state file handling, munin->root privilege [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=
Bugzilla
CVE-2012-3512 munin: insecure state file handling, munin->root privilege
bugzilla·2012-08-21·CVSS 7.2
CVE-2012-3512 [HIGH] CVE-2012-3512 munin: insecure state file handling, munin->root privilege
CVE-2012-3512 munin: insecure state file handling, munin->root privilege
Stevie Trujillo reports:
Package: munin-plugins-core
Version: 1.4.5-3
Severity: grave
Tags: upstream security
X-Debbugs-CC: [email protected]
Hello, copying kenyon's report from
http://www.munin-monitoring.org/ticket/1234 :
Currently, plugins which run as root mix their state files in the same
directory as non-root plugins. The state directory is owned by
munin:munin and is group-writable. Because of these facts, it is
possible for an attacker who operates as user munin to cause a
root-run plugin to run arbitrary code as root.
A proof-of-concept example is the smart_ plugin. It must run as root
to access disk SMART data. It also stores state in Python pickle
format, which can store executable Python code. Example
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086375.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-September/088239.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-September/088260.htmlhttp://www.munin-monitoring.org/ticket/1234http://www.openwall.com/lists/oss-security/2012/08/21/1http://www.securityfocus.com/bid/55698http://www.ubuntu.com/usn/USN-1622-1http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086375.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-September/088239.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-September/088260.htmlhttp://www.munin-monitoring.org/ticket/1234http://www.openwall.com/lists/oss-security/2012/08/21/1http://www.securityfocus.com/bid/55698http://www.ubuntu.com/usn/USN-1622-1
2012-11-21
Published