Hobbit monitor security bugfix release - 4.1.2p2

Henrik Stoerner henrik at hswn.dk
Wed Aug 2 22:35:50 CEST 2006


Version 4.1.2p2 of Hobbit has just been uploaded to SourceForge,
and is available at
http://sourceforge.net/project/showfiles.php?group_id=128058&package_id=140220&release_id=436594

This release fixes a security bug reported by Jason Kruse earlier
today: File access via the Hobbit "config" method failed to
restrict access to the Hobbit configuration directory. It is 
therefore possible for anyone with access to the Hobbit network
daemon on port 1984 to read any file on the Hobbit server which 
is readable by the user running the hobbitd daemon.

This problem affects all versions of Hobbit 4.0 and 4.1. Users are
encouraged to update their Hobbit installation, or restrict network
access to Hobbit network daemon (e.g. by implementing firewall
rules restricting access to TCP port 1984).

This version also includes all non-security patches that have been
published since the release of version 4.1.2p1 in November 2005.


Regards,
Henrik Storner




More information about the Xymon mailing list