PT-2012-3810 · Munin · Munin

Jan Lieskovsky · Published 2012-08-26 · Updated 2018-10-23 · CVE-2012-2104

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Munin versions 2.x

Description: The issue allows user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request to the "cgi-bin/munin-cgi-graph" endpoint. This is due to the software writing data to a log file without sanitizing non-printable characters.

Recommendations: For Munin versions 2.x, update to a version that sanitizes non-printable characters in log files to prevent terminal emulator escape sequence injection. As a temporary workaround, consider restricting access to the "cgi-bin/munin-cgi-graph" endpoint until a patch is available.
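
An added example (not Munin's code or its patch) of the sanitization the recommendation describes: control characters in a request-derived value are made visible before the value is written to a log, and stored log lines can be checked for any that remain. The function names, the log layout and the sample request are assumptions constructed for illustration.

```python
import re

# C0 controls except tab, DEL, and the C1 range (0x80-0x9f, which contains
# the single-character CSI 0x9b that some terminals honour like ESC [).
_UNSAFE = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")


def sanitize_log_value(value: str) -> str:
    """Return value with backslashes doubled and control characters as \\xNN."""
    value = value.replace("\\", "\\\\")  # keeps the escaped form unambiguous
    return _UNSAFE.sub(lambda m: "\\x{:02x}".format(ord(m.group())), value)


def format_log_line(request: str) -> str:
    """Build one log line. Hypothetical layout, not Munin's real log format."""
    return "GET {}\n".format(sanitize_log_value(request))


def find_control_chars(line: str):
    """Return (offset, codepoint) pairs for control characters in a stored line."""
    body = line.rstrip("\n")  # the line terminator itself is expected
    return [(m.start(), ord(m.group())) for m in _UNSAFE.finditer(body)]


# Constructed sample: a request path carrying a colour sequence (ESC [ 31 m).
SAMPLE_REQUEST = "/cgi-bin/munin-cgi-graph/\x1b[31mexample"

if __name__ == "__main__":
    raw_line = "GET " + SAMPLE_REQUEST + "\n"    # what an unsanitized writer stores
    safe_line = format_log_line(SAMPLE_REQUEST)  # what a sanitizing writer stores
    print("raw line findings: ", find_control_chars(raw_line))
    print("safe line findings:", find_control_chars(safe_line))
    print("safe line:", safe_line, end="")
```

Because the newline is escaped too, a request value cannot start a forged second log entry.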

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2012-2104

Affected Products

Munin