CVE-2017-6188

Priority
Medium
Description
Munin before 2.999.6 has a local file write vulnerability when CGI graphs
are enabled. Setting multiple upper_limit GET parameters allows overwriting
any file accessible to the www-data user.
Assigned-to
mdeslaur
Package
Source: munin (LP Ubuntu Debian)
Upstream: released (2.0.31)
Ubuntu 14.04 LTS (Trusty Tahr): released (2.0.19-3ubuntu0.2)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (2.0.25-2ubuntu0.16.04.2)
Ubuntu 17.04 (Zesty Zapus): not-affected (2.0.31-1)
Patches:
Upstream: https://github.com/munin-monitoring/munin/commit/42ce18f24d3eae8be33526a198bf21e4f2330230
Upstream: https://github.com/munin-monitoring/munin/commit/549bd25d6a45e153159ef8535fc070a71093a3c9

Updated: 2017-08-11 23:55:54 UTC (commit 13081)