oss-sec mailing list archives
Two munin issues, now with CVEs
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 20 Aug 2012 22:59:39 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684075 From: Stevie Trujillo <stevie.trujillo () gmail com> To: submit () bugs debian org Subject: Subject: munin: insecure state file handling, munin->root privilege escalation in smart_ plugin Please use CVE-2012-3512 for this issue. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076 From: Stevie Trujillo <stevie.trujillo () gmail com> To: submit () bugs debian org Subject: munin-cgi-graph: User can load new config, pointing log to arbitrary file Please use CVE-2012-3513 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJQMxW7AAoJEBYNRVNeJnmTySQP/A71mseEYiODMo6GZIwdQNG9 1u8I3G715U6Hh/Zu0m6qdHWKzRQVZNsw6us1RAEMMOcYGaUOhK7nUsmqZ0ayGcdL etc2/oiKzUDPhSbLeAKI1PG+fky6QifNDP7uyngdFBgAotP8Fwy1gn16mNbaJEKU dhTNeJ8yxAkj6SS0hg20/cttAUFRc8s+oqmeS9MEInbFFsE9CKQkSIRvQpaPA+un l0MytKnOjZlinaYWv1dATGKAdMTOv8mA9I/M1XECpivXPVc5gBYZGYN2CWY3rhxX H5ATlGYpog61md7NtJdQUCAQ1Nx4OrXzNBxpS/vdSpxrWGDlMx9HGkVBFbLBgKpx iLHQRrB8Q4q9GxZA3o4lnVSGs95ncm6HuLchcmS7t2nJ7fa4WlIVKmZo50lYYyO8 l9h9NgJ3HqgT3iP4iGEJfEG8Q7aI6S6OFYdGgld/Fj6QOtDHh6ab3Ld70su/3n6b 4xSgz1bzOdqYZNvc6Ut/6uxk3jHhjkltC5qch5tGjuMg2GkS/KrhROVuEpg5+psw 17naEZepCT++UD293+QgJSRRDthR+uVbpG6Wn08FtRnsiwHef5NvOys9lOC8+vHK WMGnkmiOhtH+0eVKaYRqRLZKOgXtHqDWeVBHzwVG6uwciQL5CX1oox3JkEN0eMQF L+MafB6n9JLJAaJhEbCf =emHA -----END PGP SIGNATURE-----
Current thread:
- Two munin issues, now with CVEs Kurt Seifried (Aug 20)