7.2

CVE-2012-3512

Exploit
Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Munin-monitoringMunin Version <= 2.0.5
Munin-monitoringMunin Version2.0-beta1
Munin-monitoringMunin Version2.0-beta2
Munin-monitoringMunin Version2.0-beta3
Munin-monitoringMunin Version2.0-beta4
Munin-monitoringMunin Version2.0-beta5
Munin-monitoringMunin Version2.0-beta6
Munin-monitoringMunin Version2.0-beta7
Munin-monitoringMunin Version2.0-rc1
Munin-monitoringMunin Version2.0-rc2
Munin-monitoringMunin Version2.0-rc3
Munin-monitoringMunin Version2.0-rc4
Munin-monitoringMunin Version2.0-rc5
Munin-monitoringMunin Version2.0-rc6
Munin-monitoringMunin Version2.0-rc7
Munin-monitoringMunin Version2.0.0
Munin-monitoringMunin Version2.0.1
Munin-monitoringMunin Version2.0.2
Munin-monitoringMunin Version2.0.3
Munin-monitoringMunin Version2.0.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.59% 0.435
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.ubuntu.com/usn/USN-1622-1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075
Exploit
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086375.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088239.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088260.html
http://www.munin-monitoring.org/ticket/1234
Vendor Advisory
Exploit
http://www.openwall.com/lists/oss-security/2012/08/21/1
http://www.securityfocus.com/bid/55698