Bug#668536: [Packaging] Bug#668536: munin: predictable tmpfile location /tmp/munin-cgi-tmp
tags 668536 + upstream
thanks

Hi Helmut,

many thanks for filing this bug report!

On Thursday, 12 April 2012, Helmut Grohne wrote:
> /usr/lib/cgi-bin/munin-cgi-graph uses predictable filenames in /tmp
> which might allow privilege escalation to www-data or denial of serving
> graphs. The filenames always start with /tmp/munin-cgi-graph/.

doh. To be clear: the path always starts with /tmp/munin-cgi-graph/ and then it's fully and easily predictable; the relevant code from master/_bin/munin-cgi-graph.in:

    sub get_picture_filename {
        [...]
        my $cgi_tmp_dir = $config->{cgitmpdir} || "/tmp/munin-cgi-tmp";
        [...]
        return "$cgi_tmp_dir/$domain/$name/$service-$scale.png" . $params;
    }

cheers,
    Holger

-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#668536: munin: predictable tmpfile location /tmp/munin-cgi-tmp
Package: munin
Version: 2.0~rc4-1
Severity: important
Tags: security

/usr/lib/cgi-bin/munin-cgi-graph uses predictable filenames in /tmp which might allow privilege escalation to www-data or denial of serving graphs. The filenames always start with /tmp/munin-cgi-graph/.

At the moment this issue affects only unstable.

A quick workaround for this issue is to change the location to /var/cache/munin/graph or something similar. Note that this directory would need to be created with write permission for the user running cgi scripts (presumably www-data) by postinst.

Helmut
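The predictable-path pattern quoted in Holger's reply next to a hardened replacement that follows the workaround in this report (a dedicated cache directory instead of the shared /tmp), as an added example that is not munin's own code; the function names, the directory checks and the temp-file-plus-rename write are assumptions for illustration, not taken from the bug report:

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);
use File::Path qw(make_path);
use Fcntl qw(:mode);

# Vulnerable pattern (as quoted in the thread): a fully predictable path
# under world-writable /tmp. Any local user can pre-create that file or a
# symlink at that name before the CGI, running as www-data, writes to it.
sub vulnerable_picture_filename {
    my ($domain, $name, $service, $scale) = @_;
    my $cgi_tmp_dir = "/tmp/munin-cgi-tmp";    # predictable, shared directory
    return "$cgi_tmp_dir/$domain/$name/$service-$scale.png";
}

# Hardened variant (hypothetical): keep the cache out of /tmp, refuse a
# directory that is a symlink, owned by someone else or group/world
# writable, and write through a randomly named O_EXCL temp file that is
# renamed into place only once the PNG is complete.
sub write_picture_safely {
    my ($base, $domain, $name, $service, $scale, $png_bytes) = @_;
    my $dir = "$base/$domain/$name";
    make_path($dir, { mode => 0700 }) unless -d $dir;

    my @st = lstat($dir) or die "lstat $dir: $!";
    die "$dir is a symlink, refusing to use it"  if S_ISLNK($st[2]);
    die "$dir is not owned by effective uid $>"  unless $st[4] == $>;
    die "$dir is group/world writable"           if $st[2] & (S_IWGRP | S_IWOTH);

    # tempfile() opens with O_CREAT|O_EXCL and a random suffix, so a file or
    # symlink planted in advance at a guessed name is never followed.
    my ($fh, $tmp) = tempfile("$service-$scale.XXXXXX",
                              DIR => $dir, SUFFIX => ".png.tmp");
    binmode $fh;
    print {$fh} $png_bytes or die "write $tmp: $!";
    close $fh              or die "close $tmp: $!";

    my $final = "$dir/$service-$scale.png";
    rename $tmp, $final    or die "rename $tmp -> $final: $!";
    return $final;
}

# Example call with a constructed base directory and dummy image bytes.
# print write_picture_safely("/var/cache/munin/cgi-tmp", "example.org",
#                            "host1", "cpu", "day", "\x89PNG"), "\n";
```

Setting `cgitmpdir` to a directory created by postinst for the CGI user only, as the report suggests, is what makes the ownership and mode checks above pass; under /tmp they fail by design.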