[Xymon] acknowledge.c(gi) buffer overrun

Christoph Berg cb at df7cb.de
Fri Jan 23 14:06:27 CET 2015


Re: J.C. Cleaver 2015-01-22 <282e3f8897d4065d851081e23f6b320c.squirrel at mail.kkytbs.net>
> On Thu, January 22, 2015 8:14 am, Christoph Berg wrote:
> > This might even deserve a CVE number, but as it's a seccgi, it's
> > not widely exposed.
> 
> This is fixed in (unreleased) 4.3.18, via
> https://sourceforge.net/p/xymon/code/7483.
> 
> Originally reported
> http://lists.xymon.com/pipermail/xymon/2014-August/040003.html

Oh, ok. I thought about checking svn, but then didn't. Thanks for the
pointer!

Still, this is a pretty bad buffer overflow, so a new release should
be made soonish. We'll push this patch into the 4.3.17 in Debian Jessie.

Christoph
-- 
cb at df7cb.de | http://www.df7cb.de/


