CVE-2012-3513

NameCVE-2012-3513
Descriptionmunin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs684076

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
munin (PTS)jessie, jessie (lts)2.0.25-1+deb8u3fixed
stretch2.0.33-1fixed
buster2.0.49-1fixed
bullseye2.0.67-3fixed
bookworm2.0.73-1fixed
sid, trixie2.0.76-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
muninsourcesqueeze(not affected)
muninsource(unstable)2.0.6-1684076

Notes

[squeeze] - munin <not-affected> (vulnerable code introduced in 2.x)
http://www.munin-monitoring.org/ticket/1238

Search for package or bug name: Reporting problems