CVE-2012-3512

Published: 21 August 2012

Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.

Notes

Author: sbeattie
Note: munin user/group to root escalation

Priority

Medium

Status

Package: munin (Launchpad, Ubuntu, Debian)

Release    Status
hardy      Ignored (end of life)
lucid      Released (1.4.4-1ubuntu1.2)
natty      Ignored (end of life)
oneiric    Released (1.4.5-3ubuntu4.11.10.2)
precise    Released (1.4.6-3ubuntu3.3)
quantal    Released (2.0.2-1ubuntu2.2)
upstream   Released (2.0.6~git-1)

Patches:
upstream: http://anonscm.debian.org/gitweb/?p=collab-maint/munin.git;a=commit;h=780634c4a48fc57b6631d644fca3649f1417d211
upstream: http://anonscm.debian.org/gitweb/?p=collab-maint/munin.git;a=commit;h=9f2643c4cb13a34deadfea8fb7e8a29fa54fdc8e
upstream: http://anonscm.debian.org/gitweb/?p=collab-maint/munin.git;a=commit;h=6183662a2b96c2c3b1b4cfc4b80ce28063d025c2
upstream: http://anonscm.debian.org/gitweb/?p=collab-maint/munin.git;a=commit;h=2b8d82e0c52ccdd79ca480788f7ef4d3325b4cb0