Date: Wed, 18 Apr 2012 07:16:21 +0200 From: Helmut Grohne <helmut@...divi.de> To: Kurt Seifried <kseifried@...hat.com> Cc: oss-security@...ts.openwall.com, Jan Lieskovsky <jlieskov@...hat.com>, "Steven M. Christey" <coley@...us.mitre.org>, 668667@...s.debian.org Subject: Re: CVE Request (minor) -- Two Munin graphing framework flaws On Tue, Apr 17, 2012 at 11:04:56PM -0600, Kurt Seifried wrote: > On 04/16/2012 11:34 PM, Helmut Grohne wrote: > > The basic requirement is that a plugin called vmstat is configured > > for the node localhost.localdomain. I just picked it as an example, > > cause it is present on my system. In practise any plugin for any > > host will do. > > Is this the default configuration? I am not that sure about the defaults, because I changed them. However running a Munin without any plugins is pointless. It is like running a mail server that does not transport any mail. You don't even have to guess the name of a configured plugin, because those images are linked from the html. Finding a configured plugin is really no issue on any sane munin installation. Sane administrators may have to restricted access to munin to themselves as to not expose the monitoring results to the public though. Helmut
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.