25 Jul
2013
25 Jul
'13
4:09 p.m.
On 25-07-2013 17:36, Axel Beckert wrote:
On Wed, Jul 24, 2013 at 11:13:00AM +0200, henrik at hswn.dk wrote:
NOTE: This release includes a bugfix for a security issue in the xymond_history and xymond_rrd modules. A "drophost" command sent to the xymond port (default: 1984) from an IP listed in the --admin-senders access control list can be used to delete files owned by the user running the xymond daemon. This is allowed by default, so it is highly recommended
Does a CVE id exist for that vulnerability?
No. I suppose I could figure out how to request one - unless someone else already knows how ?
Is it known which Xymon versions are affected by that vulnerability?
All versions from 4.0 -> 4.3.11
Regards, Henrik