Multiple vulnerabilities in GNU Xymon



Published: 2016-04-13 | Updated: 2020-08-09
Risk: High
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2016-2057, CVE-2016-2056, CVE-2016-2055
CWE-ID: CWE-264, CWE-77, CWE-200
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Xymon (Web applications / Remote management & hosting panels), Debian Linux (Operating systems & Components / Operating system)
Vendor: GNU, Debian
Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU40381

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2057

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local authenticated user to manipulate data.

lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 uses weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.
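
As an added example (not Xymon's code and not part of the original bulletin), the following Python check lists System V message queues on a Linux host and flags any whose mode lets other local users write to them, which is the condition described above. It assumes the Linux `/proc/sysvipc/msg` column layout; the sample rows are constructed.

```python
"""Flag System V message queues that other local users can write to."""
import os

PROC_MSG = "/proc/sysvipc/msg"  # Linux-only listing; layout assumed as in SAMPLE

# Constructed sample in the /proc/sysvipc/msg layout (not from a real host).
# The perms column is octal: 666 is the weak mode the bulletin describes.
SAMPLE = """\
       key      msqid perms      cbytes       qnum lspid lrpid   uid   gid  cuid  cgid      stime      rtime      ctime
  16842753          0   666           0          0     0     0   998   998   998   998          0          0 1460500000
  16842754          1   600         128          2  1200  1201   998   998   998   998 1460500100 1460500090 1460500000
  16842755          2   620           0          0     0     0     0     0     0     0          0          0 1460500000
"""


def parse_queues(text):
    """Return one dict per queue row, using the header's column names."""
    lines = text.splitlines()
    if not lines:
        return []
    header = lines[0].split()
    queues = []
    for line in lines[1:]:
        fields = line.split()
        if len(fields) != len(header):
            continue  # skip blank or truncated rows
        row = dict(zip(header, fields))
        queues.append({
            "key": int(row["key"]),
            "msqid": int(row["msqid"]),
            "mode": int(row["perms"], 8),  # the kernel prints perms in octal
            "uid": int(row["uid"]),
        })
    return queues


def writable_by_others(queues, include_group=False):
    """Queues whose mode grants write to 'other' (and optionally 'group')."""
    mask = 0o002 | (0o020 if include_group else 0)
    return [q for q in queues if q["mode"] & mask]


if __name__ == "__main__":
    # Audit the live host when the proc file exists, else the constructed sample.
    text = open(PROC_MSG).read() if os.path.exists(PROC_MSG) else SAMPLE
    for q in writable_by_others(parse_queues(text)):
        print(f"msqid={q['msqid']} key=0x{q['key'] & 0xffffffff:08x} "
              f"owner_uid={q['uid']} mode={q['mode']:o}: writable by any local user")
```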

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xymon: 4.1.0 - 4.3.24

Debian Linux: 4.1.0 - 8.0

External links

http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html
http://www.debian.org/security/2016/dsa-3495
http://www.securityfocus.com/archive/1/537522/100/0/threaded
http://sourceforge.net/p/xymon/code/7891/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Command Injection

EUVDB-ID: #VU40382

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2056

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xymon: 4.1.0 - 4.3.24

Debian Linux: 4.1.0 - 8.0

External links

http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html
http://packetstormsecurity.com/files/153620/Xymon-useradm-Command-Execution.html
http://www.debian.org/security/2016/dsa-3495
http://www.securityfocus.com/archive/1/537522/100/0/threaded
http://sourceforge.net/p/xymon/code/7892/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Information disclosure

EUVDB-ID: #VU40383

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-2055

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allows remote attackers to read arbitrary files in the configuration directory via a "config" command.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Xymon: 4.1.0 - 4.3.24

Debian Linux: 4.1.0 - 8.0

External links

http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html
http://www.debian.org/security/2016/dsa-3495
http://www.securityfocus.com/archive/1/537522/100/0/threaded
http://sourceforge.net/p/xymon/code/7890/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


