CVE-2016-2057

The CVE-2016-2057 issue affects Xymon 4.1.x, 4.2.x, and 4.3.x up to 4.3.25, where an internal IPC message queue is created with weak permissions (666). This allows a local user to inject arbitrary messages by writing to the queue, bypassing network ACLs. Related advisories (Debian DSA-3495-1; Mag...

Debian DSA-3495-1 : xymon - security update

Markus Krell discovered that xymon, a network- and applications-monitoring system, was vulnerable to the following security issues : - CVE-2016-2054 The incorrect handling of user-supplied input in the 'config' command can trigger a stack-based buffer overflow, resulting in denial of service via...

[SECURITY] [DSA 3495-1] xymon security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3495-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 29, 2016 https://www.debian.org/security/faq -...

Xymon 4.3.x Buffer Overflow / Code Execution / Information Disclosure

Hi, Multiple security issues have been found in the server component of the Xymon monitoring system. These issues affect all versions of Xymon 4.3.x prior to 4.3.25, as well as the obsolete 4.1.x and 4.2.x versions. All issues have been resolved in Xymon 4.3.25, released on Feb 8 2016. It is...