oss-sec mailing list archives
Re: CVE Request (minor) -- Two Munin graphing framework flaws
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 18 Apr 2012 18:37:09 -0600
On 04/17/2012 11:16 PM, Helmut Grohne wrote:
> On Tue, Apr 17, 2012 at 11:04:56PM -0600, Kurt Seifried wrote:
>> On 04/16/2012 11:34 PM, Helmut Grohne wrote:
>>> The basic requirement is that a plugin called vmstat is configured for the node localhost.localdomain. I just picked it as an example, cause it is present on my system. In practise any plugin for any host will do.
>>
>> Is this the default configuration?
>
> I am not that sure about the defaults, because I changed them. However running a Munin without any plugins is pointless. It is like running a mail server that does not transport any mail. You don't even have to guess the name of a configured plugin, because those images are linked from the html. Finding a configured plugin is really no issue on any sane munin installation. Sane administrators may have to restricted access to munin to themselves as to not expose the monitoring results to the public though.
>
> Helmut

If anyone can comment on this (default/not), and if you install a plugin does it expose it publicly or does the administrator have to enable remote access?

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993