DSA-2815-1 munin -- denial of serviceID: oval:org.secpod.oval:def:601167 | Date: (C)2014-01-08 (M)2022-10-10 |
Class: PATCH | Family: unix |
Christoph Biedl discovered two denial of service vulnerabilities in munin, a network-wide graphing framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-6048 The Munin::Master::Node module of munin does not properly validate certain data a node sends. A malicious node might exploit this to drive the munin-html process into an infinite loop with memory exhaustion on the munin master. CVE-2013-6359 A malicious node, with a plugin enabled using "multigraph" as a multigraph service name, can abort data collection for the entire node the plugin runs on.