munin: Local file write vulnerability with CGI graphs enabled (CVE-2017-6188)
Munin has a local file write vulnerability when CGI graphs are enabled. Setting multiple “upper_limit” GET parameters allows overwriting any file accessible to the www-data user.
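Because the trigger is a repeated “upper_limit” parameter, web server access logs can be checked for that request shape. The following is an added example, not part of the original report or Munin's code; it assumes combined-format access logs and that the CGI graph script is served under a path containing `munin-cgi-graph`, and the sample log lines are constructed with benign placeholder values.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: Apache/nginx "combined" access log format.
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)
# Assumption: the CGI graph endpoint is exposed under a path containing this name.
CGI_MARKER = "munin-cgi-graph"
WATCHED_PARAM = "upper_limit"


def repeated_params(target, watched=WATCHED_PARAM):
    """Return the values of `watched` if it occurs more than once in the query."""
    query = urlsplit(target).query
    # parse_qsl keeps duplicates and percent-decodes names, so an encoded
    # parameter name (e.g. upper%5Flimit) is still counted.
    values = [v for k, v in parse_qsl(query, keep_blank_values=True) if k == watched]
    return values if len(values) > 1 else []


def find_suspicious(lines):
    """Return (client, target, values) for CGI graph requests repeating upper_limit."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m or CGI_MARKER not in urlsplit(m["target"]).path:
            continue  # unparsable line, or not a CGI graph request
        values = repeated_params(m["target"])
        if values:
            hits.append((m["client"], m["target"], values))
    return hits


# Constructed sample log lines (not real traffic); values are benign placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Mar/2017:10:00:01 +0000] "GET /munin-cgi/munin-cgi-graph/example.org/host/cpu-day.png?upper_limit=100 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [03/Mar/2017:10:00:05 +0000] "GET /munin-cgi/munin-cgi-graph/example.org/host/cpu-day.png?upper_limit=100&upper_limit=200 HTTP/1.1" 200 5120 "-" "curl/7.52"',
    '192.0.2.77 - - [03/Mar/2017:10:00:09 +0000] "GET /munin-cgi/munin-cgi-graph/example.org/host/cpu-day.png?size_x=800&upper%5Flimit=1&lower_limit=0&upper_limit=2 HTTP/1.1" 200 5120 "-" "curl/7.52"',
    '192.0.2.10 - - [03/Mar/2017:10:00:12 +0000] "GET /index.html?upper_limit=1&upper_limit=2 HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, target, values in find_suspicious(SAMPLE_LOG):
        print(f"{client} repeated {WATCHED_PARAM} {values}: {target}")
```

A hit only shows that a request carried the parameter more than once; whether the host was affected depends on whether the patched version was installed at the time.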
References:
https://github.com/munin-monitoring/munin/issues/721
http://openwall.com/lists/oss-security/2017/02/22/4
Patch:
https://github.com/munin-monitoring/munin/commit/4c0ec5c6a4432c094b1bbec8d5c9346e1477ab3f
(from redmine: issue id 6950, created on 2017-03-03, closed on 2017-04-04)
- Relations:
- child #6951 (closed)
- child #6952 (closed)