This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Munin-Monitoring First view 2012-08-26
Product Munin Last view 2017-02-22
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:munin-monitoring:munin:2.0_rc4:*:*:*:*:*:*:* 7
cpe:2.3:a:munin-monitoring:munin:2.0:*:*:*:*:*:*:* 6
cpe:2.3:a:munin-monitoring:munin:1.4.5:*:*:*:*:*:*:* 6
cpe:2.3:a:munin-monitoring:munin:*:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0.5:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0-beta6:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0-beta7:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0-rc1:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0.1:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0.2:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0-beta4:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0-beta5:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0-rc7:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0.0:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0-beta3:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0-rc5:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0-rc6:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0-rc2:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0-beta1:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0-rc3:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0-rc4:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0.3:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0.4:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0-beta2:*:*:*:*:*:*:* 5
cpe:2.3:a:munin-monitoring:munin:2.0.7:*:*:*:*:*:*:* 3
cpe:2.3:a:munin-monitoring:munin:2.0.11:*:*:*:*:*:*:* 3
cpe:2.3:a:munin-monitoring:munin:2.0.12:*:*:*:*:*:*:* 3
cpe:2.3:a:munin-monitoring:munin:2.0.10:*:*:*:*:*:*:* 3
cpe:2.3:a:munin-monitoring:munin:2.0.11.1:*:*:*:*:*:*:* 3
cpe:2.3:a:munin-monitoring:munin:2.0.8:*:*:*:*:*:*:* 3
cpe:2.3:a:munin-monitoring:munin:2.0.9:*:*:*:*:*:*:* 3
cpe:2.3:a:munin-monitoring:munin:2.0.15:*:*:*:*:*:*:* 3
cpe:2.3:a:munin-monitoring:munin:2.0.16:*:*:*:*:*:*:* 3
cpe:2.3:a:munin-monitoring:munin:2.0.6:*:*:*:*:*:*:* 3
cpe:2.3:a:munin-monitoring:munin:2.0.13:*:*:*:*:*:*:* 3
cpe:2.3:a:munin-monitoring:munin:2.0.14:*:*:*:*:*:*:* 3
cpe:2.3:a:munin-monitoring:munin:2.1:*:*:*:*:*:*:* 2

Related : CVE

  Date Alert Description
5.5 2017-02-22 CVE-2017-6188

Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.
4.3 2013-12-13 CVE-2013-6359

Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name.
5 2013-12-13 CVE-2013-6048

The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.
9.3 2012-11-21 CVE-2012-3513

munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
7.2 2012-11-21 CVE-2012-3512

Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.
5 2012-08-26 CVE-2012-4678

munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters.
5 2012-08-26 CVE-2012-2147

munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a denial of service (disk or memory consumption) via many image requests with large values in the (1) size_x or (2) size_y parameters.
6.8 2012-08-26 CVE-2012-2104

cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request.
1.2 2012-08-26 CVE-2012-2103

The qmailscan plugin for Munin 1.4.5 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

CWE : Common Weakness Enumeration

%idName
44% (4) CWE-20 Improper Input Validation
22% (2) CWE-399 Resource Management Errors
22% (2) CWE-264 Permissions, Privileges, and Access Controls
11% (1) CWE-59 Improper Link Resolution Before File Access ('Link Following')

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:18075 USN-1622-1 -- munin vulnerabilities
oval:org.mitre.oval:def:20723 DSA-2815-1 munin - denial of service
oval:org.mitre.oval:def:22429 USN-2090-1 -- munin vulnerabilities

OpenVAS Exploits

id Description
2012-11-06 Name : Ubuntu Update for munin USN-1622-1
File : nvt/gb_ubuntu_USN_1622_1.nasl
2012-09-27 Name : Fedora Update for munin FEDORA-2012-13649
File : nvt/gb_fedora_2012_13649_munin_fc16.nasl
2012-09-27 Name : Fedora Update for munin FEDORA-2012-13683
File : nvt/gb_fedora_2012_13683_munin_fc17.nasl

Nessus® Vulnerability Scanner

id Description
2017-10-09 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201710-05.nasl - Type: ACT_GATHER_INFO
2017-04-21 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-818.nasl - Type: ACT_GATHER_INFO
2017-03-13 Name: The remote Fedora host is missing a security update.
File: fedora_2017-3776c9d747.nasl - Type: ACT_GATHER_INFO
2017-03-13 Name: The remote Fedora host is missing a security update.
File: fedora_2017-25df1dbd02.nasl - Type: ACT_GATHER_INFO
2017-03-07 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-310.nasl - Type: ACT_GATHER_INFO
2017-03-03 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3215-1.nasl - Type: ACT_GATHER_INFO
2017-02-27 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3794.nasl - Type: ACT_GATHER_INFO
2015-03-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-20.nasl - Type: ACT_GATHER_INFO
2014-10-12 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2014-348.nasl - Type: ACT_GATHER_INFO
2014-05-19 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201405-17.nasl - Type: ACT_GATHER_INFO
2014-04-07 Name: The remote Fedora host is missing a security update.
File: fedora_2014-4542.nasl - Type: ACT_GATHER_INFO
2014-04-07 Name: The remote Fedora host is missing a security update.
File: fedora_2014-4462.nasl - Type: ACT_GATHER_INFO
2014-02-05 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2014-275.nasl - Type: ACT_GATHER_INFO
2014-01-28 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2090-1.nasl - Type: ACT_GATHER_INFO
2013-12-23 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2013-297.nasl - Type: ACT_GATHER_INFO
2013-12-17 Name: The remote Fedora host is missing a security update.
File: fedora_2013-23016.nasl - Type: ACT_GATHER_INFO
2013-12-17 Name: The remote Fedora host is missing a security update.
File: fedora_2013-22993.nasl - Type: ACT_GATHER_INFO
2013-12-16 Name: The remote Fedora host is missing a security update.
File: fedora_2013-22968.nasl - Type: ACT_GATHER_INFO
2013-12-10 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2815.nasl - Type: ACT_GATHER_INFO
2013-09-04 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2012-130.nasl - Type: ACT_GATHER_INFO
2013-04-20 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2013-105.nasl - Type: ACT_GATHER_INFO
2012-11-06 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1622-1.nasl - Type: ACT_GATHER_INFO
2012-09-27 Name: The remote Fedora host is missing a security update.
File: fedora_2012-13683.nasl - Type: ACT_GATHER_INFO
2012-09-27 Name: The remote Fedora host is missing a security update.
File: fedora_2012-13649.nasl - Type: ACT_GATHER_INFO
2012-09-18 Name: The remote Fedora host is missing a security update.
File: fedora_2012-13110.nasl - Type: ACT_GATHER_INFO