VYPR
← All advisories
Unrated severityNVD Advisory· Published Nov 21, 2012· Updated Apr 29, 2026

CVE-2012-3512

CVE-2012-3512

Description

Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.

Affected products

20
  • Munin Monitoring/Munin20 versions
    cpe:2.3:a:munin-monitoring:munin:*:*:*:*:*:*:*:*+ 19 more
    • cpe:2.3:a:munin-monitoring:munin:*:*:*:*:*:*:*:*range: <=2.0.5
    • cpe:2.3:a:munin-monitoring:munin:2.0-beta1:*:*:*:*:*:*:*
    • cpe:2.3:a:munin-monitoring:munin:2.0-beta2:*:*:*:*:*:*:*
    • cpe:2.3:a:munin-monitoring:munin:2.0-beta3:*:*:*:*:*:*:*
    • cpe:2.3:a:munin-monitoring:munin:2.0-beta4:*:*:*:*:*:*:*
    • cpe:2.3:a:munin-monitoring:munin:2.0-beta5:*:*:*:*:*:*:*
    • cpe:2.3:a:munin-monitoring:munin:2.0-beta6:*:*:*:*:*:*:*
    • cpe:2.3:a:munin-monitoring:munin:2.0-beta7:*:*:*:*:*:*:*
    • cpe:2.3:a:munin-monitoring:munin:2.0-rc1:*:*:*:*:*:*:*
    • cpe:2.3:a:munin-monitoring:munin:2.0-rc2:*:*:*:*:*:*:*
    • cpe:2.3:a:munin-monitoring:munin:2.0-rc3:*:*:*:*:*:*:*
    • cpe:2.3:a:munin-monitoring:munin:2.0-rc4:*:*:*:*:*:*:*
    • cpe:2.3:a:munin-monitoring:munin:2.0-rc5:*:*:*:*:*:*:*
    • cpe:2.3:a:munin-monitoring:munin:2.0-rc6:*:*:*:*:*:*:*
    • cpe:2.3:a:munin-monitoring:munin:2.0-rc7:*:*:*:*:*:*:*
    • cpe:2.3:a:munin-monitoring:munin:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:munin-monitoring:munin:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:munin-monitoring:munin:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:munin-monitoring:munin:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:munin-monitoring:munin:2.0.4:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.