[3.6] munin: Local file write vulnerability with CGI graphs enabled (CVE-2017-6188)
Munin has a local file write vulnerability when CGI graphs are enabled.
Setting multiple “upper_limit” GET parameters allows overwriting any file accessible to the www-data user.
References:
https://github.com/munin-monitoring/munin/issues/721
http://openwall.com/lists/oss-security/2017/02/22/4
Patch:
https://github.com/munin-monitoring/munin/commit/4c0ec5c6a4432c094b1bbec8d5c9346e1477ab3f
(from redmine: issue id 6951, created on 2017-03-03, closed on 2017-04-04)
- Relations:
- parent #6950 (closed)
- Changesets:
- Revision 186663ba by Sergei Lukin on 2017-03-07T10:24:43Z:
community/munin: security upgrade to 2.0.33 - fixes #6951
CVE-2017-6188: Local file write vulnerability with CGI graphs enabled
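
As an added example (not part of the original issue and not Munin's own code), one way to check web server access logs for the request pattern described above: a repeated `upper_limit` query parameter on the CGI graph endpoint. The `munin-cgi-graph` path marker, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote, urlsplit

# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, harmless values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2017:10:00:00 +0000] "GET /munin-cgi/munin-cgi-graph/example.org/host1/cpu-day.png?upper_limit=100 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Mar/2017:10:00:05 +0000] "GET /munin-cgi/munin-cgi-graph/example.org/host1/cpu-day.png?upper_limit=100&upper_limit=200 HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Mar/2017:10:00:09 +0000] "GET /munin-cgi/munin-cgi-graph/example.org/host1/cpu-day.png?size_x=800;upper%5Flimit=1;upper_limit=2 HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Mar/2017:10:01:00 +0000] "GET /index.html?upper_limit=1&upper_limit=2 HTTP/1.1" 200 312',
]

def repeated_params(target, watch=("upper_limit",)):
    """Return the watched parameter names that occur more than once in the query string."""
    # Some CGI parsers also accept ';' as a pair separator, so treat it like '&'.
    query = urlsplit(target).query.replace(";", "&")
    # parse_qsl percent-decodes names, so "upper%5Flimit" is counted as "upper_limit".
    counts = Counter(name for name, _ in parse_qsl(query, keep_blank_values=True))
    return sorted(name for name in watch if counts[name] > 1)

def scan(lines, path_marker="munin-cgi-graph"):
    """Return (line number, client, repeated parameters) for suspicious graph requests."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group(1)
        # Only requests to the CGI graph endpoint are relevant (path marker is an assumption).
        if path_marker not in unquote(urlsplit(target).path):
            continue
        dup = repeated_params(target)
        if dup:
            hits.append((lineno, line.split()[0], dup))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
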