CVE-2012-4678 Information

Description

munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files which allows remote attackers to cause a denial of service (disk consumption) via many requests to an image with unique parameters.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668667 http://munin-monitoring.org/changeset/4825 http://www.openwall.com/lists/oss-security/2012/04/16/5 http://www.openwall.com/lists/oss-security/2012/04/16/6 http://www.openwall.com/lists/oss-security/2012/04/18/2 http://www.openwall.com/lists/oss-security/2012/04/19/3 http://www.openwall.com/lists/oss-security/2012/04/19/4 http://www.openwall.com/lists/oss-security/2012/04/19/5 http://www.openwall.com/lists/oss-security/2012/04/27/7 http://www.openwall.com/lists/oss-security/2012/04/29/2 http://www.securityfocus.com/bid/53034 https://bugzilla.redhat.com/show_bug.cgi?id=812889