1
PublicDateAtUSN: 2012-08-22
2
Candidate: CVE-2012-3513
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3513
6
https://usn.ubuntu.com/usn/usn-1622-1
8
munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under
9
Apache, allows remote attackers to load new configurations and create files
10
in arbitrary directories via the logdir command.
13
mdeslaur> introduced in http://anonscm.debian.org/gitweb/?p=collab-maint/munin.git;a=commit;h=6a0c4523269977c851a3c63f5add492511c4c55f
14
mdeslaur> So only affects 2.x
16
http://www.munin-monitoring.org/ticket/1238
17
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684076
23
upstream: http://anonscm.debian.org/gitweb/?p=collab-maint/munin.git;a=commit;h=db9ba4c44621bfed6e6c83e3f0a22cb18f0671a2
24
upstream: http://anonscm.debian.org/gitweb/?p=collab-maint/munin.git;a=commit;h=980f5c5f8da8036fb71f44caf99bd3be909e9796
25
upstream_munin: released (2.0.6~git-1)
26
hardy_munin: ignored (reached end-of-life)
27
lucid_munin: not-affected
28
natty_munin: not-affected
29
oneiric_munin: not-affected
30
precise_munin: not-affected
31
quantal_munin: released (2.0.2-1ubuntu2.2)
32
devel_munin: released (2.0.2-1ubuntu3)