Xymon 4.3.12 released

list Axel Beckert
Thu, 25 Jul 2013 17:36:53 +0200
Message-Id: <user-c92adf97969a@xymon.invalid>

Hi,

On Wed, Jul 24, 2013 at 11:13:00AM +0200, user-ce4a2c883f75@xymon.invalid wrote:
> NOTE: This release includes a bugfix for a security issue
> in the xymond_history and xymond_rrd modules. A "drophost"
> command sent to the xymond port (default: 1984) from an IP
> listed in the --admin-senders access control list can be
> used to delete files owned by the user running the xymond
> daemon. This is allowed by default, so it is highly recommended

Does a CVE id exist for that vulnerability?

Is it known which Xymon versions are affected by that vulnerability?

		Regards, Axel Beckert
-- 
Axel Beckert <user-96d9963fe797@xymon.invalid>       support: +41 44 633 26 68
IT Services Group, HPT H 6                  voice: +41 44 633 41 89
Departement of Physics, ETH Zurich
CH-8093 Zurich, Switzerland		   http://nic.phys.ethz.ch/