oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Two munin issues, now with CVEs

From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 20 Aug 2012 22:59:39 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075
From: Stevie Trujillo <stevie.trujillo () gmail com>
To: submit () bugs debian org
Subject: Subject: munin: insecure state file handling, munin->root
privilege escalation in smart_ plugin

Please use CVE-2012-3512 for this issue.



http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076
From: Stevie Trujillo <stevie.trujillo () gmail com>
To: submit () bugs debian org
Subject: munin-cgi-graph: User can load new config, pointing log to
arbitrary file

Please use CVE-2012-3513 for this issue.


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQMxW7AAoJEBYNRVNeJnmTySQP/A71mseEYiODMo6GZIwdQNG9
1u8I3G715U6Hh/Zu0m6qdHWKzRQVZNsw6us1RAEMMOcYGaUOhK7nUsmqZ0ayGcdL
etc2/oiKzUDPhSbLeAKI1PG+fky6QifNDP7uyngdFBgAotP8Fwy1gn16mNbaJEKU
dhTNeJ8yxAkj6SS0hg20/cttAUFRc8s+oqmeS9MEInbFFsE9CKQkSIRvQpaPA+un
l0MytKnOjZlinaYWv1dATGKAdMTOv8mA9I/M1XECpivXPVc5gBYZGYN2CWY3rhxX
H5ATlGYpog61md7NtJdQUCAQ1Nx4OrXzNBxpS/vdSpxrWGDlMx9HGkVBFbLBgKpx
iLHQRrB8Q4q9GxZA3o4lnVSGs95ncm6HuLchcmS7t2nJ7fa4WlIVKmZo50lYYyO8
l9h9NgJ3HqgT3iP4iGEJfEG8Q7aI6S6OFYdGgld/Fj6QOtDHh6ab3Ld70su/3n6b
4xSgz1bzOdqYZNvc6Ut/6uxk3jHhjkltC5qch5tGjuMg2GkS/KrhROVuEpg5+psw
17naEZepCT++UD293+QgJSRRDthR+uVbpG6Wn08FtRnsiwHef5NvOys9lOC8+vHK
WMGnkmiOhtH+0eVKaYRqRLZKOgXtHqDWeVBHzwVG6uwciQL5CX1oox3JkEN0eMQF
L+MafB6n9JLJAaJhEbCf
=emHA
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: