Vulnerability   
Search   
    Search 191973 CVE descriptions
and 86218 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.702815
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 2815-1 (munin - denial of service)
Summary:Christoph Biedl discovered two denial of service vulnerabilities in;munin, a network-wide graphing framework. The Common Vulnerabilities and;Exposures project identifies the following problems:;;CVE-2013-6048;The Munin::Master::Node module of munin does not properly validate;certain data a node sends. A malicious node might exploit this to;drive the munin-html process into an infinite loop with memory;exhaustion on the munin master.;;CVE-2013-6359A malicious node, with a plugin enabled using multigraph;as a;multigraph service name, can abort data collection for the entire;node the plugin runs on.
Description:Summary:
Christoph Biedl discovered two denial of service vulnerabilities in
munin, a network-wide graphing framework. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2013-6048
The Munin::Master::Node module of munin does not properly validate
certain data a node sends. A malicious node might exploit this to
drive the munin-html process into an infinite loop with memory
exhaustion on the munin master.

CVE-2013-6359A malicious node, with a plugin enabled using multigraph
as a
multigraph service name, can abort data collection for the entire
node the plugin runs on.

Affected Software/OS:
munin on Debian Linux

Solution:
For the stable distribution (wheezy), these problems have been fixed in
version 2.0.6-4+deb7u2.

For the testing distribution (jessie), these problems have been fixed in
version 2.0.18-1.

For the unstable distribution (sid), these problems have been fixed in
version 2.0.18-1.

We recommend that you upgrade your munin packages.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-6359
Debian Security Information: DSA-2815 (Google Search)
http://www.debian.org/security/2013/dsa-2815
http://www.ubuntu.com/usn/USN-2090-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-6048
CopyrightCopyright (C) 2013 Greenbone Networks GmbH http://greenbone.net

This is only one of 86218 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.