CVE-2012-3512
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
21/11/2012
Last modified:
11/04/2025
Description
Munin before 2.0.6 stores the state files of plugins that run as root in the same group-writable directory as the state files of non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.
Impact
Base Score 2.0
7.20
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:munin-monitoring:munin:*:*:*:*:*:*:*:* | | 2.0.5 (including) |
| cpe:2.3:a:munin-monitoring:munin:2.0-beta1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:munin-monitoring:munin:2.0-beta2:*:*:*:*:*:*:* | | |
| cpe:2.3:a:munin-monitoring:munin:2.0-beta3:*:*:*:*:*:*:* | | |
| cpe:2.3:a:munin-monitoring:munin:2.0-beta4:*:*:*:*:*:*:* | | |
| cpe:2.3:a:munin-monitoring:munin:2.0-beta5:*:*:*:*:*:*:* | | |
| cpe:2.3:a:munin-monitoring:munin:2.0-beta6:*:*:*:*:*:*:* | | |
| cpe:2.3:a:munin-monitoring:munin:2.0-beta7:*:*:*:*:*:*:* | | |
| cpe:2.3:a:munin-monitoring:munin:2.0-rc1:*:*:*:*:*:*:* | | |
| cpe:2.3:a:munin-monitoring:munin:2.0-rc2:*:*:*:*:*:*:* | | |
| cpe:2.3:a:munin-monitoring:munin:2.0-rc3:*:*:*:*:*:*:* | | |
| cpe:2.3:a:munin-monitoring:munin:2.0-rc4:*:*:*:*:*:*:* | | |
| cpe:2.3:a:munin-monitoring:munin:2.0-rc5:*:*:*:*:*:*:* | | |
| cpe:2.3:a:munin-monitoring:munin:2.0-rc6:*:*:*:*:*:*:* | | |
| cpe:2.3:a:munin-monitoring:munin:2.0-rc7:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075
- http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086375.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088239.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088260.html
- http://www.munin-monitoring.org/ticket/1234
- http://www.openwall.com/lists/oss-security/2012/08/21/1
- http://www.securityfocus.com/bid/55698
- http://www.ubuntu.com/usn/USN-1622-1



