Main Vulnerability Database Vulnerabilities #VU40381

Permissions, Privileges, and Access Controls in Xymon and Debian Linux - CVE-2016-2057

Published: April 13, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40381

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-2057

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: GNU
Debian

Affected software:
Xymon
Debian Linux

Detailed vulnerability description

The vulnerability allows a local authenticated user to manipulate data.

lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.

How to mitigate CVE-2016-2057

Install update from vendor's website.

Sources

http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html
http://www.debian.org/security/2016/dsa-3495
http://www.securityfocus.com/archive/1/537522/100/0/threaded
https://sourceforge.net/p/xymon/code/7891/

Permissions, Privileges, and Access Controls in Xymon and Debian Linux - CVE-2016-2057

Detailed vulnerability description

How to mitigate CVE-2016-2057

Sources

Please verify you're human