Mandriva Linux Security Advisory : munin (MDVSA-2013:105)

high Nessus Plugin ID 66117

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated munin packages fix security vulnerabilities:

The qmailscan plugin for Munin before 2.0 rc6 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names (CVE-2012-2103).

Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin (CVE-2012-3512).

munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command (CVE-2012-3513).

Solution

Update the affected munin, munin-master and/or munin-node packages.

Plugin Details

Severity: High

ID: 66117

File Name: mandriva_MDVSA-2013-105.nasl

Version: 1.8

Type: local

Published: 4/20/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:munin, p-cpe:/a:mandriva:linux:munin-master, p-cpe:/a:mandriva:linux:munin-node, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/10/2013

Reference Information

CVE: CVE-2012-2103, CVE-2012-3512, CVE-2012-3513

BID: 53031, 55698, 56398

MDVSA: 2013:105

MGASA: 2012-0358