ID CVE-2017-6188
Summary Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user.
References
Vulnerable Configurations
  • cpe:2.3:a:munin-monitoring:munin:2.999.2
CVSS
Base: 1.9 (as of 24-02-2017 - 15:00)
Impact:
Exploitability:
CWE CWE-284
CAPEC
  • Embedding Scripts within Scripts
    An attack of this type exploits a program's vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side; client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script that is not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector: LOCAL
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3794.NASL
    description Stevie Trujillo discovered a local file write vulnerability in munin, a network-wide graphing framework, when CGI graphs are enabled. GET parameters are not properly handled, allowing to inject options into munin-cgi-graph and overwriting any file accessible by the user running the cgi-process.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 97398
    published 2017-02-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97398
    title Debian DSA-3794-1 : munin - security update
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201710-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-201710-05 (Munin: Arbitrary file write) When Munin is compiled with CGI graphics enabled then the files accessible to the www-data user can be overwritten. Impact : A local attacker, by setting multiple upper_limit GET parameters, could overwrite files accessible to the www-user. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2017-10-09
    plugin id 103723
    published 2017-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103723
    title GLSA-201710-05 : Munin: Arbitrary file write
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3215-1.NASL
    description It was discovered that Munin incorrectly handled CGI graphs. A remote attacker could use this issue to overwrite arbitrary files as the www-data user. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 97523
    published 2017-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97523
    title Ubuntu 14.04 LTS : munin vulnerability (USN-3215-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-25DF1DBD02.NASL
    description - CVE-2017-6188: Upstream PR 797: Fix wrong parameter expansion in CGI Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-03-13
    plugin id 97673
    published 2017-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97673
    title Fedora 24 : munin (2017-25df1dbd02)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-310.NASL
    description This update for munin fixes the following issues : - An attacker has been able to write arbitrary local files with the permissions of the web server, by using parameter injection (boo#1026539, CVE-2017-6188) - The MySQL plugin has been fixed to work correctly against MySQL 5.5 on Leap 42.1
    last seen 2019-02-21
    modified 2017-03-07
    plugin id 97567
    published 2017-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97567
    title openSUSE Security Update : munin (openSUSE-2017-310)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-3776C9D747.NASL
    description - CVE-2017-6188: Upstream PR 797: Fix wrong parameter expansion in CGI Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-03-13
    plugin id 97676
    published 2017-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=97676
    title Fedora 25 : munin (2017-3776c9d747)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-818.NASL
    description Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user. (CVE-2017-6188)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 99531
    published 2017-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99531
    title Amazon Linux AMI : munin (ALAS-2017-818)
refmap via4
bid 96399
confirm
debian DSA-3794
gentoo GLSA-201710-05
Last major update 01-03-2017 - 21:59
Published 22-02-2017 - 14:59
Last modified 09-10-2017 - 21:30