[Xymon] NSSM & Xymon PowerShell Client

Chris Rowson christopherrowson at gmail.com
Tue Jul 18 14:42:00 CEST 2017


Hi list,

I've been asked to look at a Xymon install which needs updating. The
first thing I noticed was that the monitored Windows servers in the
environment are using the old BBWin client which doesn't seem to be
maintained any longer.

Checking the mailing list I've noticed that a lot of people are now
using the WinPSClient so I've been trying to familiarise myself with
it.

As I hadn't come across the software before, I ran the source for NSSM
(the manager which runs the PS script as a service) past a C++ code
analysis tool and it came out with a few /potential/ issues. The
critical and high vulnerabilities are:

Critical: Use of memmove Allows Buffer Overflow
-------------------------------------------------------
- The size limit is larger than the destination buffer, while the
source is a char* and so, could allow a buffer overflow to take place.
- nssm-master\io.cpp Line 213

High: LoadLibrary
------------------
- The function searches several paths for a library if called with a
filename, but no path. This can allow trojan DLLs to be deployed,
regardless of the presence of the correct DLL. Manually check the code
to ensure that the full path is specified.
- nssm-master\imports.cpp Line 15

I'm not a C++ programmer, but looking at the code, the findings of the
analysis tool look at least possible. Has anybody else performed code
scrutiny against this aspect of the solution who can confirm or deny
any issues?

I also wondered if there's any particular reason why the PowerShell
script can't be run at intervals by task scheduler instead of running
as a service?

Thanks,

Chris



More information about the Xymon mailing list