Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Arch Linux: 201905-1 High: Munin Arbitrary File Overwrite

Archlinux Large Esm H446
The package munin before version 2.0.47-1 is vulnerable to arbitrary file overwrite.
Arch Linux Security Advisory ASA-201905-1
========================================
Severity: High
Date    : 2019-05-06
CVE-ID  : CVE-2017-6188
Package : munin
Type    : arbitrary file overwrite
Remote  : Yes
Link    : https://security.archlinux.org/AVG-953

Summary
======
The package munin before version 2.0.47-1 is vulnerable to arbitrary
file overwrite.

Resolution
=========
Upgrade to 2.0.47-1.

# pacman -Syu "munin>=2.0.47-1"

The problem has been fixed upstream in version 2.0.47.

Workaround
=========
None.

Description
==========
A vulnerability in munin allows attackers to overwrite any file
accessible to the webserver user by setting multiple upper_limit GET
parameters when CGI graphs are enabled.

Impact
=====
A remote attacker is able to overwrite arbitrary files on the
filesystem.

References
=========
https://bugs.archlinux.org/task/57537
https://lists.debian.org/debian-security-announce/2017/msg00047.html
https://github.com/munin-monitoring/munin/pull/797/commits/42ce18f24d3eae8be33526a198bf21e4f2330230
https://security.archlinux.org/CVE-2017-6188
Your message here