CVE-2017-6188

Priority
Description
Munin before 2.999.6 has a local file write vulnerability when CGI graphs
are enabled. Setting multiple upper_limit GET parameters allows overwriting
any file accessible to the www-data user.
Assigned-to
mdeslaur
Notes
Package
Source: munin (LP Ubuntu Debian)
Upstream: released (2.0.31)
Ubuntu 14.04 ESM (Trusty Tahr): released (2.0.19-3ubuntu0.2)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.0.25-2ubuntu0.16.04.2)
Patches:
Upstream: https://github.com/munin-monitoring/munin/commit/42ce18f24d3eae8be33526a198bf21e4f2330230
Upstream: https://github.com/munin-monitoring/munin/commit/549bd25d6a45e153159ef8535fc070a71093a3c9
More Information

Updated: 2019-12-05 18:49:24 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)