Main Vulnerability Database Vulnerabilities #VU40381

#VU40381 Permissions, Privileges, and Access Controls in Xymon and Debian Linux - CVE-2016-2057

Published: April 13, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40381

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-2057

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Xymon
Debian Linux

Software vendor:
GNU
Debian

Description

The vulnerability allows a local authenticated user to manipulate data.

lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.

Remediation

Install update from vendor's website.

External links

http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html
http://www.debian.org/security/2016/dsa-3495
http://www.securityfocus.com/archive/1/537522/100/0/threaded
https://sourceforge.net/p/xymon/code/7891/

#VU40381 Permissions, Privileges, and Access Controls in Xymon and Debian Linux - CVE-2016-2057

Description

Remediation

External links

Please verify you're human