Vulnerability Name:

CVE-2013-6048 (CCN-89583)

Assigned: 2013-12-03
Published: 2013-12-03
Updated: 2014-03-06
Summary: The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): None
  Availability (A): Partial
Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2013-6048

Source: CCN
Type: Munin Web site
Munin

Source: DEBIAN
Type: UNKNOWN
DSA-2815

Source: CCN
Type: BID-64188
Munin CVE-2013-6048 Remote Denial of Service Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-2090-1

Source: CCN
Type: Red Hat Bugzilla Bug 1037888
(CVE-2013-6048, CVE-2013-6359) CVE-2013-6048 CVE-2013-6359 munin: two denial of service flaws fixed in 2.0.18

Source: XF
Type: UNKNOWN
munin-cve20136048-dos(89583)

Source: CONFIRM
Type: UNKNOWN
https://github.com/munin-monitoring/munin/blob/2.0.18/ChangeLog

Source: CONFIRM
Type: Patch
https://github.com/munin-monitoring/munin/commit/284d7402718d98fcf10cee565415939882abab99

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-6048

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:munin-monitoring:munin:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:munin-monitoring:munin:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:munin-monitoring:munin:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:munin-monitoring:munin:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:munin-monitoring:munin:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:munin-monitoring:munin:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:munin-monitoring:munin:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:munin-monitoring:munin:2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:munin-monitoring:munin:2.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:munin-monitoring:munin:2.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:munin-monitoring:munin:2.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:munin-monitoring:munin:2.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:munin-monitoring:munin:2.0.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:munin-monitoring:munin:2.0.12:*:*:*:*:*:*:*
  • OR cpe:/a:munin-monitoring:munin:2.0.13:*:*:*:*:*:*:*
  • OR cpe:/a:munin-monitoring:munin:2.0.14:*:*:*:*:*:*:*
  • OR cpe:/a:munin-monitoring:munin:2.0.15:*:*:*:*:*:*:*
  • OR cpe:/a:munin-monitoring:munin:2.0.16:*:*:*:*:*:*:*
  • OR cpe:/a:munin-monitoring:munin:*:*:*:*:*:*:*:* (Version <= 2.0.17)

Configuration CCN 1:
  • cpe:/a:munin-monitoring:munin:2.0.17:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:113000 | P | munin-2.0.25-4.10 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:106446 | P | Security update for salt (Moderate) | 2021-10-27
oval:org.mitre.oval:def:22429 | P | USN-2090-1 -- munin vulnerabilities | 2014-06-30
oval:org.mitre.oval:def:20723 | P | DSA-2815-1 munin - denial of service | 2014-06-23
oval:com.ubuntu.precise:def:20136048000 | V | CVE-2013-6048 on Ubuntu 12.04 LTS (precise) - medium. | 2013-12-13
    munin-monitoring munin 2.0.0
    munin-monitoring munin 2.0.1
    munin-monitoring munin 2.0.2
    munin-monitoring munin 2.0.3
    munin-monitoring munin 2.0.4
    munin-monitoring munin 2.0.5
    munin-monitoring munin 2.0.6
    munin-monitoring munin 2.0.7
    munin-monitoring munin 2.0.8
    munin-monitoring munin 2.0.9
    munin-monitoring munin 2.0.10
    munin-monitoring munin 2.0.11
    munin-monitoring munin 2.0.11.1
    munin-monitoring munin 2.0.12
    munin-monitoring munin 2.0.13
    munin-monitoring munin 2.0.14
    munin-monitoring munin 2.0.15
    munin-monitoring munin 2.0.16
    munin-monitoring munin *
    munin-monitoring munin 2.0.17