CVE-2012-3513
published 2012-11-21
CVE-2012-3513: munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in…
Priority: P348 · critical · 9.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 2.37% (81.7th percentile)
munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | munin | < munin 2.0.6-1 (bookworm) | munin 2.0.6-1 (bookworm) |
| munin-monitoring | munin | <= 2.0.5 | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | — | — |
| munin-monitoring | munin | >= 0 < 2.0.6-1 | 2.0.6-1 |
| munin-monitoring | munin | >= 0 < 2.0.6-1 | 2.0.6-1 |
| munin-monitoring | munin | >= 0 < 2.0.6-1 | 2.0.6-1 |
| munin-monitoring | munin | >= 0 < 2.0.6-1 | 2.0.6-1 |
CVSS provenance
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
osv · 9.3 CRITICAL
vendor_debian · 9.3 CRITICAL
vendor_ubuntu · 1.2 LOW
GHSA
GHSA-cfmj-pc5v-pwv8: munin-cgi-graph in Munin before 2
ghsa_unreviewed·2022-05-17
CVE-2012-3513 [HIGH] GHSA-cfmj-pc5v-pwv8: munin-cgi-graph in Munin before 2
munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
OSV
CVE-2012-3513: munin-cgi-graph in Munin before 2
osv·2012-11-21·CVSS 9.3
CVE-2012-3513 [CRITICAL] CVE-2012-3513: munin-cgi-graph in Munin before 2
munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
Ubuntu
Munin vulnerabilities
vendor_ubuntu·2012-11-05·CVSS 1.2
CVE-2012-2103 [LOW] Munin vulnerabilities
Title: Munin vulnerabilities

Summary: Several security issues were fixed in Munin.

It was discovered that the Munin qmailscan plugin incorrectly handled
temporary files. A local attacker could use this issue to possibly
overwrite arbitrary files. This issue only affected Ubuntu 10.04 LTS,
Ubuntu 11.10, and Ubuntu 12.04 LTS. (CVE-2012-2103)

It was discovered that Munin incorrectly handled plugin state file
permissions. An attacker obtaining privileges of the munin user could use
this issue to escalate privileges to root. (CVE-2012-3512)

It was discovered that Munin incorrectly handled specifying an alternate
configuration file. A remote attacker could possibly use this issue to
execute arbitrary code with the privileges of the web server. This issue
only affected Ubuntu 12.10. (CVE-2012
Debian
CVE-2012-3513: munin - munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache...
vendor_debian·2012·CVSS 9.3
CVE-2012-3513 [CRITICAL] CVE-2012-3513: munin - munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache...
munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
Scope: local
bookworm: resolved (fixed in 2.0.6-1)
bullseye: resolved (fixed in 2.0.6-1)
forky: resolved (fixed in 2.0.6-1)
sid: resolved (fixed in 2.0.6-1)
trixie: resolved (fixed in 2.0.6-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076
http://www.munin-monitoring.org/ticket/1238
http://www.openwall.com/lists/oss-security/2012/08/21/1
http://www.ubuntu.com/usn/USN-1622-1