oss-sec mailing list archives
CVE Request (minor) -- Two Munin graphing framework flaws
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 16 Apr 2012 15:54:21 +0200
Hello Kurt, Steve, vendors,

the following three problems have been recently reported against Munin:

[1] Insecure temp file use in the qmailscan plug-in:
    https://bugzilla.redhat.com/show_bug.cgi?id=812889
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668778

[2] Possibility to inject escape sequences into Munin's log file:
    https://bugzilla.redhat.com/show_bug.cgi?id=812885
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668666

[3] Remote users can fill /tmp filesystem:
    Red Hat would not consider this to be a security flaw => no RH BTS entry.
    Original report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668667

For the first two -- though both of them have minor security impact, under suitable circumstances they could lead to trust boundary crossing => in our opinion they should get (CVE-2012-*) identifiers.

For the third issue -- we wouldn't consider it to be a security flaw. Just something which, on an improperly configured machine, could allow filling the /tmp filesystem (just another way to do it, when the particular service isn't properly configured).

Could you allocate CVE ids for the first two issues?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team