Lucene search
GoogleOSV:DSA-3495-1HistoryFeb 29, 2016 - 12:00 a.m.
xymon - security update
2016-02-2900:00:00
Google
osv.dev
7
0.894 High
EPSS
Percentile
98.8%
Markus Krell discovered that xymon, a network- and
applications-monitoring system, was vulnerable to the following
security issues:
- CVE-2016-2054
The incorrect handling of user-supplied input in the config
command can trigger a stack-based buffer overflow, resulting in
denial of service (via application crash) or remote code execution. - CVE-2016-2055
The incorrect handling of user-supplied input in the config
command can lead to an information leak by serving sensitive
configuration files to a remote user. - CVE-2016-2056
The commands handling password management do not properly validate
user-supplied input, and are thus vulnerable to shell command
injection by a remote user. - CVE-2016-2057
Incorrect permissions on an internal queuing system allow a user
with a local account on the xymon master server to bypass all
network-based access control lists, and thus inject messages
directly into xymon. - CVE-2016-2058
Incorrect escaping of user-supplied input in status webpages can
be used to trigger reflected cross-site scripting attacks.
For the stable distribution (jessie), these problems have been fixed in
version 4.3.17-6+deb8u1.
We recommend that you upgrade your xymon packages.
References
Related
packetstorm
packetstorm
Xymon 4.3.x Buffer Overflow / Code Execution / Information Disclosure
2016-02-15 00:00:00
Xymon useradm Command Execution
2019-07-12 00:00:00
openvas
openvas
Debian Security Advisory DSA 3495-1 (xymon - security update)
2016-03-08 00:00:00
Debian: Security Advisory (DSA-3495-1)
2016-03-08 00:00:00
Mageia: Security Advisory (MGASA-2016-0177)
2022-01-28 00:00:00
freebsd
freebsd
xymon-server -- multiple vulnerabilities
2016-01-19 00:00:00
nessus
nessus
FreeBSD : xymon-server -- multiple vulnerabilities (1cecd5e0-c372-11e5-96d6-14dae9d210b8)
2016-02-10 00:00:00
Debian DSA-3495-1 : xymon - security update
2016-03-01 00:00:00
Debian DLA-488-1 : xymon security update
2016-05-26 00:00:00
debian
debian
[SECURITY] [DSA 3495-1] xymon security update
2016-02-29 10:15:37
[SECURITY] [DSA 3495-1] xymon security update
2016-02-29 10:15:37
[SECURITY] [DLA 488-1] xymon security update
2016-05-25 17:10:22
mageia
mageia
Updated xymon packages fix security vulnerabilities
2016-05-18 23:14:22
osv
osv
xymon - security update
2016-05-25 00:00:00
prion
prion
Command injection
2016-04-13 16:59:00
Buffer overflow
2016-04-13 16:59:00
Code injection
2016-04-13 16:59:00
debiancve
debiancve
cve
cve
nvd
nvd
metasploit
metasploit
Xymon Daemon Gather Information
2019-06-29 16:48:39
cvelist
cvelist
ubuntucve
ubuntucve
checkpoint_advisories
checkpoint_advisories
Xymon xymond Remote Code Execution (CVE-2016-2056)
2021-05-30 00:00:00
zdt
zdt
Xymon 4.3.25 - useradm Command Execution Exploit
2019-07-12 00:00:00