Munin prior to 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
munin-monitoring munin 2.0.4 |
||
munin-monitoring munin 2.0.3 |
||
munin-monitoring munin 2.0-rc4 |
||
munin-monitoring munin 2.0-rc3 |
||
munin-monitoring munin 2.0-beta1 |
||
munin-monitoring munin 2.0-rc2 |
||
munin-monitoring munin |
||
munin-monitoring munin 2.0-rc6 |
||
munin-monitoring munin 2.0-rc5 |
||
munin-monitoring munin 2.0-beta3 |
||
munin-monitoring munin 2.0-beta2 |
||
munin-monitoring munin 2.0.0 |
||
munin-monitoring munin 2.0-rc7 |
||
munin-monitoring munin 2.0-beta5 |
||
munin-monitoring munin 2.0-beta4 |
||
munin-monitoring munin 2.0.2 |
||
munin-monitoring munin 2.0.1 |
||
munin-monitoring munin 2.0-rc1 |
||
munin-monitoring munin 2.0-beta7 |
||
munin-monitoring munin 2.0-beta6 |
Vulmon