ALAS-2017-818

Metadata

low
1.9
munin
CVE-2017-6188
2017-04-20
2017-06-16 19:22
v3.5/community/munin-2.0.33-r0
CVE-2017-6188 munin
CVE-2017-6188
2017-04-21 00:04

Description

Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user. (CVE-2017-6188 )

Am I vulnerable?

The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.

Sign up for monitoring

Affected package information

Package Patched in
munin munin-2.0.30-5.38.amzn1.src
munin munin-2.0.30-5.38.amzn1.noarch
munin-async munin-async-2.0.30-5.38.amzn1.noarch
munin-cgi munin-cgi-2.0.30-5.38.amzn1.noarch
munin-common munin-common-2.0.30-5.38.amzn1.noarch
munin-java-plugins munin-java-plugins-2.0.30-5.38.amzn1.noarch
munin-netip-plugins munin-netip-plugins-2.0.30-5.38.amzn1.noarch
munin-nginx munin-nginx-2.0.30-5.38.amzn1.noarch
munin-node munin-node-2.0.30-5.38.amzn1.noarch
munin-ruby-plugins munin-ruby-plugins-2.0.30-5.38.amzn1.noarch