CVE-2012-4678
Published: 26 August 2012
munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
munin Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Not vulnerable
|
|
| natty |
Not vulnerable
|
|
| oneiric |
Not vulnerable
|
|
| precise |
Not vulnerable
(1.4.6-3ubuntu3.1)
|
|
| upstream |
Released
(2.0~rc6-1)
|
|
|
Patches: upstream: http://munin-monitoring.org/changeset/4825 |
||
References
- http://www.openwall.com/lists/oss-security/2012/04/29/2
- http://www.openwall.com/lists/oss-security/2012/04/27/7
- http://www.openwall.com/lists/oss-security/2012/04/19/5
- http://www.openwall.com/lists/oss-security/2012/04/19/4
- http://www.openwall.com/lists/oss-security/2012/04/19/3
- http://www.openwall.com/lists/oss-security/2012/04/18/2
- http://www.openwall.com/lists/oss-security/2012/04/16/6
- http://www.openwall.com/lists/oss-security/2012/04/16/5
- https://www.cve.org/CVERecord?id=CVE-2012-4678
- NVD
- Launchpad
- Debian