ArchLinux: 201905-1: munin: arbitrary file overwrite

    Date: 07 May 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package munin before version 2.0.47-1 is vulnerable to arbitrary file overwrite.
    Arch Linux Security Advisory ASA-201905-1
    =========================================
    
    Severity: High
    Date    : 2019-05-06
    CVE-ID  : CVE-2017-6188
    Package : munin
    Type    : arbitrary file overwrite
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-953
    
    Summary
    =======
    
    The package munin before version 2.0.47-1 is vulnerable to arbitrary
    file overwrite.
    
    Resolution
    ==========
    
    Upgrade to 2.0.47-1.
    
    # pacman -Syu "munin>=2.0.47-1"
    
    The problem has been fixed upstream in version 2.0.47.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    A vulnerability in munin allows attackers to overwrite any file
    accessible to the webserver user by setting multiple upper_limit GET
    parameters when CGI graphs are enabled.
    
    Impact
    ======
    
    A remote attacker is able to overwrite arbitrary files on the
    filesystem.
    
    References
    ==========
    
    https://bugs.archlinux.org/task/57537
    https://www.debian.org/security/2017/dsa-3794
    https://github.com/munin-monitoring/munin/pull/797/commits/42ce18f24d3eae8be33526a198bf21e4f2330230
    https://security.archlinux.org/CVE-2017-6188
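
To check whether the condition in the Description (more than one upper_limit GET parameter on a CGI graph request) shows up in web server logs, the following added example scans access-log lines for it; it is not part of the advisory or of munin. The `munin-cgi-graph` URL hint, the common/combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the graph CGI is served under a URL path containing this string.
CGI_PATH_HINT = "munin-cgi-graph"
WATCHED_PARAM = "upper_limit"  # parameter named in the advisory

# Client address and request target of a common/combined-format log entry.
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" \d{3}')

def repeated_param_count(target, param=WATCHED_PARAM):
    """Return how many times `param` occurs in the query string of `target`."""
    query = urlsplit(target).query
    # parse_qsl percent-decodes names, so "upper%5Flimit" is counted as well.
    pairs = parse_qsl(query, keep_blank_values=True)
    return sum(1 for name, _ in pairs if name == param)

def suspicious_requests(lines):
    """Return (client, target, count) for graph CGI requests repeating the parameter."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m or CGI_PATH_HINT not in urlsplit(m["target"]).path:
            continue  # unparsable line or not a graph CGI request
        count = repeated_param_count(m["target"])
        if count > 1:
            hits.append((m["client"], m["target"], count))
    return hits

# Constructed sample log lines (documentation IP ranges, harmless values).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/May/2019:10:00:00 +0000] "GET /munin-cgi/munin-cgi-graph/example.org/host/cpu-day.png?upper_limit=100 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/May/2019:10:00:05 +0000] "GET /munin-cgi/munin-cgi-graph/example.org/host/cpu-day.png?upper_limit=100&upper_limit=200 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/May/2019:10:00:09 +0000] "GET /munin-cgi/munin-cgi-graph/example.org/host/cpu-day.png?upper%5Flimit=1&x=1&upper_limit=2 HTTP/1.1" 200 5120',
    '203.0.113.4 - - [06/May/2019:10:00:12 +0000] "GET /index.html?upper_limit=1&upper_limit=2 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for client, target, count in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent {count} x {WATCHED_PARAM}: {target}")
```

A hit only shows that a request matched the pattern; whether the host was affected depends on the installed munin version and whether CGI graphs were enabled at the time.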
    