U radu programskog paketa Munin, namijenjenog operacijskom sustavu Fedora 18, otkriven je sigurnosni propust. Lokalni ga napadači mogu iskoristiti za stjecanje administratorskih ovlasti.
Paket:
munin 2.x
Operacijski sustavi:
Fedora 18
Problem:
neodgovarajuće rukovanje datotekama
Iskorištavanje:
lokalno
Posljedica:
dobivanje većih privilegija
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2012-3512
Izvorni ID preporuke:
FEDORA-2012-13110
Izvor:
Fedora
Problem:
Propust je posljedica nesigurnog rukovanja određenim datotekama.
Posljedica:
Napadačima omogućuje dobivanje administratorskih ovlasti.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-13110
2012-09-01 16:49:15
--------------------------------------------------------------------------------
Name : munin
Product : Fedora 18
Version : 2.0.6
Release : 1.fc18
URL : http://munin-monitoring.org/
Summary : Network-wide graphing framework (grapher/gatherer)
Description :
Munin is a highly flexible and powerful solution used to create graphs
of virtually everything imaginable throughout your network, while still
maintaining a rattling ease of installation and configuration.
This package contains the grapher/gatherer. You will only need one instance of
it in your network. It will periodically poll all the nodes in your network
it's aware of for data, which it in turn will use to create graphs and HTML
pages, suitable for viewing with your graphical web browser of choice.
Munin is written in Perl, and relies heavily on Tobi Oetiker's excellent
RRDtool.
--------------------------------------------------------------------------------
Update Information:
Update to 2.0.6, and bug fixes
Added init files for asyncd
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #851375 - -bash: /etc/init.d/munin-asyncd: @@GOODSH@@: bad
interpreter: No such file or directory
https://bugzilla.redhat.com/show_bug.cgi?id=851375
[ 2 ] Bug #849831 - CVE-2012-3512 munin: insecure state file handling,
munin->root privilege [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=849831
[ 3 ] Bug #849834 - CVE-2012-3512 munin: insecure state file handling,
munin->root privilege [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=849834
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update munin' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke