Gentoo Linux Security Advisory 201405-17 - Multiple vulnerabilities have been discovered in Munin which may lead to symlink attacks, file creation, or bypass of security restrictions. Versions less than 2.0.8-r2 are affected.
Mandriva Linux Security Advisory 2013-105 - The qmailscan plugin for Munin before 2.0 rc6 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. Munin before 2.0.6 stores the state files of plugins that run as root in the same group-writable directory as those of non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin. munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
Ubuntu Security Notice 1622-1 - It was discovered that the Munin qmailscan plugin incorrectly handled temporary files. A local attacker could use this issue to possibly overwrite arbitrary files. This issue only affected Ubuntu 10.04 LTS, Ubuntu 11.10, and Ubuntu 12.04 LTS. It was discovered that Munin incorrectly handled plugin state file permissions. An attacker obtaining privileges of the munin user could use this issue to escalate privileges to root. Various other issues were also addressed.