On 30.07.2013 14:01, Bill Arlofski wrote:
I noticed in the CVE link provided the following:
--[snip]--
If access to administrative commands is limited by use of the "--admin-senders" option for the "xymond" daemon, then the attack is restricted to the commands sent from the IP addresses listed in the --admin-senders access list. However, the default configuration permits these commands to be sent from any IP. --[snip]--
However, I checked several Xymon and Hobbit installations that we manage and each of them has the --admin-senders=127.0.0.1,$BBSERVERIP (for hobbit) and --admin-senders=127.0.0.1,$XYMONSERVERIP (for xymon) set.
I know for a fact that these settings were not manually added to the xymond daemon CMDs on our servers, so this appears to be the default, which means that by default Xymon (and Hobbit) systems are "not vulnerable."
Several people have pointed this out to me - I was mistaken when I wrote the vulnerability notice for Bugtraq. You are correct that the default installation is not vulnerable.
Regards, Henrik
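Since the whole question in this thread is whether a given xymond process actually carries the --admin-senders restriction, here is an added example (not from the thread or from the Xymon project) that audits a xymond command line string for it. It assumes you pass in the command line exactly as your installation launches the daemon; the sample lines below are constructed.

```sh
#!/bin/sh
# Report whether a xymond command line restricts admin commands.
# Prints "restricted:<list>" when --admin-senders=... is present,
# or "open" when the option is absent (any IP may send admin commands).
admin_senders_status() {
    cmdline=$1
    # Pull out the value of --admin-senders=, tolerating surrounding quotes.
    value=$(printf '%s\n' "$cmdline" \
        | sed -n 's/.*--admin-senders=\([^ ]*\).*/\1/p' \
        | tr -d '"'"'")
    if [ -z "$value" ]; then
        echo open
    else
        echo "restricted:$value"
    fi
}

# Constructed sample command lines (single quotes keep $XYMONSERVERIP literal,
# as it appears in a startup script before expansion).
SAMPLE_DEFAULT='xymond --pidfile=/tmp/xymond.pid --admin-senders=127.0.0.1,$XYMONSERVERIP'
SAMPLE_STRIPPED='xymond --pidfile=/tmp/xymond.pid --restart=/tmp/xymond.chk'

for line in "$SAMPLE_DEFAULT" "$SAMPLE_STRIPPED"; do
    echo "$line"
    echo "  -> $(admin_senders_status "$line")"
done
```

To audit a live system, feed the function the current process command line (for example, from ps output) instead of the constructed samples.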