[Xymon] Xymon 4.3.12 released

Axel Beckert beckert at phys.ethz.ch
Thu Jul 25 17:36:53 CEST 2013


Hi,

On Wed, Jul 24, 2013 at 11:13:00AM +0200, henrik at hswn.dk wrote:
> NOTE: This release includes a bugfix for a security issue
> in the xymond_history and xymond_rrd modules. A "drophost"
> command sent to the xymond port (default: 1984) from an IP
> listed in the --admin-senders access control list can be
> used to delete files owned by the user running the xymond
> daemon. This is allowed by default, so it is highly recommended

Does a CVE id exist for that vulnerability?

Is it known which Xymon versions are affected by that vulnerability?

		Regards, Axel Beckert
-- 
Axel Beckert <beckert at phys.ethz.ch>       support: +41 44 633 26 68
IT Services Group, HPT H 6                  voice: +41 44 633 41 89
Departement of Physics, ETH Zurich
CH-8093 Zurich, Switzerland		   http://nic.phys.ethz.ch/


