Remote Code execution

list Christoph Zechner
Tue, 12 Oct 2021 16:11:21 +0200
Message-Id: <user-b6e51caa05f4@xymon.invalid>

Hi,

after reading an old thread about remote code execution on here [1], I wondered if something like this is still possible nowadays with xymon? In 2016 [2] this has been classified as a security risk, whereas in 2007, it was considered a feature/addon. I am wondering if remote code execution is still possible either via this mechanism or in some other way or if the development team has been taking precautions against attacks like that.

Thanks in advance.

Cheers
Christoph

[1] https://lists.xymon.com/archive/2007-June/013587.html
[2] https://packetstormsecurity.com/files/135758/xymon-execoverflowdisclsoe.txt