[Xymon] Directory traversal vulnerability in svcstatus.c (historylog)

Henrik Størner henrik at hswn.dk
Fri May 6 08:09:57 CEST 2011


Hi Jeremy

On 06-05-2011 05:21, Jeremy Laidman wrote:
> Peoples
>
> I've discovered a directory traversal vulnerability in the svcstatus.c
> file, allowing a remote attacker to view any file on the filesystem
> that's visible to the web server user.  When viewing a specific
> historical entry, and then setting the parameter for TIMEBUF to
> "../../../..(etc)/path/to/file" you get to view the file.

Definitely not a good feature to have.

Fixed in version 4.3.3 which should be available from Sourceforge now.
There were a couple of other places which could potentially have the
same type of issue - I've fixed those as well.

4.3.3 also fixes a couple more cross-site scripting vulnerabilities, and
has the "normal" bugfixes that have accumulated.


Regards,
Henrik
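A check of the kind that closes this class of bug, as an added example that is neither Xymon's code nor the actual 4.3.3 fix: the TIMEBUF value is allowlisted to the character set of a timestamp and rejected otherwise, so it can only ever name a file directly under the history directory. The directory path and the timestamp format are assumptions.

```c
/* Added example, not Xymon's code: allowlist check on a TIMEBUF-style value. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HISTDIR "/var/lib/xymon/histlogs" /* hypothetical; not Xymon's real layout */

/* Accept only a non-empty name of at most 64 letters, digits, '_' and ':'
 * (the shape of an assumed timestamp like Fri_May_6_08:09:57_2011). '/', '\\'
 * and '.' are refused, so no "../" can be spliced into a filesystem path. */
int timebuf_is_safe(const char *timebuf)
{
    size_t n;
    if (timebuf == NULL) return 0;
    n = strlen(timebuf);
    if (n == 0 || n > 64) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)timebuf[i];
        if (!isalnum(c) && c != '_' && c != ':') return 0;
    }
    return 1;
}

/* Build "<HISTDIR>/<timebuf>" into out. Returns 0 on success, -1 if the value
 * fails validation or the result would not fit; out is "" whenever -1 is returned. */
int build_histlog_path(const char *timebuf, char *out, size_t outlen)
{
    if (out == NULL || outlen == 0) return -1;
    out[0] = '\0';
    if (!timebuf_is_safe(timebuf)) return -1;
    int written = snprintf(out, outlen, "%s/%s", HISTDIR, timebuf);
    if (written < 0 || (size_t)written >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed inputs: one well-formed entry name, one traversal attempt. */
    const char *inputs[] = { "Fri_May_6_08:09:57_2011", "../../../../path/to/file" };
    char path[256];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = build_histlog_path(inputs[i], path, sizeof path);
        printf("%-26s -> %s\n", inputs[i], rc == 0 ? path : "rejected");
    }
    return 0;
}
```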
