Lucene search
GoogleOSV:DLA-488-1HistoryMay 25, 2016 - 12:00 a.m.
xymon - security update
2016-05-2500:00:00
Google
osv.dev
13
EPSS
0.907
Percentile
98.9%
Markus Krell discovered that Xymon (formerly known as Hobbit), a
network- and applications-monitoring system, was vulnerable to the
following security issues:
- CVE-2016-2054
The incorrect handling of user-supplied input in the config
command can trigger a stack-based buffer overflow, resulting in
denial of service (via application crash) or remote code execution. - CVE-2016-2055
The incorrect handling of user-supplied input in the config
command can lead to an information leak by serving sensitive
configuration files to a remote user. - CVE-2016-2056
The commands handling password management do not properly validate
user-supplied input, and are thus vulnerable to shell command
injection by a remote user. - CVE-2016-2058
Incorrect escaping of user-supplied input in status webpages can
be used to trigger reflected cross-site scripting attacks.
For Debian 7 Wheezy, these problems have been fixed in version
4.3.0~beta2.dfsg-9.1+deb7u1.
We recommend that you upgrade your xymon packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS>
References
Related
debian
debian
[SECURITY] [DLA 488-1] xymon security update
2016-05-25 17:10:22
[SECURITY] [DSA 3495-1] xymon security update
2016-02-29 10:15:37
[SECURITY] [DSA 3495-1] xymon security update
2016-02-29 10:15:37
openvas
openvas
Debian: Security Advisory (DLA-488-1)
2023-03-08 00:00:00
Mageia: Security Advisory (MGASA-2016-0177)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-3495-1)
2016-03-08 00:00:00
nessus
nessus
Debian DLA-488-1 : xymon security update
2016-05-26 00:00:00
FreeBSD : xymon-server -- multiple vulnerabilities (1cecd5e0-c372-11e5-96d6-14dae9d210b8)
2016-02-10 00:00:00
Debian DSA-3495-1 : xymon - security update
2016-03-01 00:00:00
freebsd
freebsd
xymon-server -- multiple vulnerabilities
2016-01-19 00:00:00
osv
osv
xymon - security update
2016-02-29 00:00:00
packetstorm
packetstorm
Xymon 4.3.x Buffer Overflow / Code Execution / Information Disclosure
2016-02-15 00:00:00
Xymon Daemon Gather Information
2024-08-31 00:00:00
Xymon useradm Command Execution
2019-07-12 00:00:00
mageia
mageia
Updated xymon packages fix security vulnerabilities
2016-05-18 23:14:22
cvelist
cvelist
prion
prion
Command injection
2016-04-13 16:59:00
Buffer overflow
2016-04-13 16:59:00
Cross site scripting
2016-04-13 16:59:00
debiancve
debiancve
ubuntucve
ubuntucve
cve
cve
nvd
nvd
metasploit
metasploit
Xymon Daemon Gather Information
2019-06-29 16:48:39
Xymon useradm Command Execution
2019-07-02 14:04:07
checkpoint_advisories
checkpoint_advisories
Xymon xymond Remote Code Execution (CVE-2016-2056)
2021-05-30 00:00:00
exploitdb
exploitdb
Xymon 4.3.25 - useradm Command Execution (Metasploit)
2019-07-12 00:00:00
zdt
zdt
Xymon 4.3.25 - useradm Command Execution Exploit
2019-07-12 00:00:00