CVE-2012-4678 : munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows

munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters.

Published 2012-08-26 21:55:02

Updated 2012-08-27 13:05:43

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2012-4678

Munin-monitoring » Munin » Version: 2.0 Rc4
cpe:2.3:a:munin-monitoring:munin:2.0_rc4:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2012-4678

EPSS FAQ

1.94%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2012-4678

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2012-4678

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-4678

https://bugzilla.redhat.com/show_bug.cgi?id=812889

812889 – (CVE-2012-2103) CVE-2012-2103 munin: Insecure temp file use in qmailscan plug-in

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2012/04/19/4

oss-security - Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2012/04/27/7

oss-security - Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws

CVEs referencing this url
http://munin-monitoring.org/changeset/4825

410 SVN repo not available anymore
http://www.openwall.com/lists/oss-security/2012/04/16/5

oss-security - CVE Request (minor) -- Two Munin graphing framework flaws

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2012/04/29/2

oss-security - Re: Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2012/04/18/2

oss-security - Re: CVE Request (minor) -- Two Munin graphing framework flaws

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2012/04/19/3

oss-security - Re: CVE Request (minor) -- Two Munin graphing framework flaws

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2012/04/16/6

oss-security - Re: CVE Request (minor) -- Two Munin graphing framework flaws

CVEs referencing this url
http://www.securityfocus.com/bid/53034

Munin Insecure Temporary File Creation Vulnerability
http://www.openwall.com/lists/oss-security/2012/04/19/5

oss-security - Re: [Packaging] Bug#668667: CVE Request (minor) -- Two Munin graphing framework flaws

CVEs referencing this url
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668667

#668667 - munin-cgi-graph: remote users can fill the /tmp filesystem - Debian Bug report logs

Jump to

Vulnerability Details : CVE-2012-4678

Products affected by CVE-2012-4678

Exploit prediction scoring system (EPSS) score for CVE-2012-4678

CVSS scores for CVE-2012-4678

CWE ids for CVE-2012-4678

References for CVE-2012-4678