Xymon Mailing List Archive

Xymon 4.3.12 released

Henrik Størner
Tue, 30 Jul 2013 14:40:46 +0200
Message-Id: <user-cf4737cb0468@xymon.invalid>

On 30.07.2013 14:01, Bill Arlofski wrote:
> I noticed in the CVE link provided the following:
>
> --[snip]--
> If access to administrative commands is limited by use of the
> "--admin-senders" option for the "xymond" daemon, then the attack
> is restricted to the commands sent from the IP addresses listed in
> the --admin-senders access list. However, the default
> configuration permits these commands to be sent from any IP.
> --[snip]--
>
> However, I checked several Xymon and Hobbit installations that we manage and
> each of them has the --admin-senders=127.0.0.1,$BBSERVERIP (for hobbit) and
> --admin-senders=127.0.0.1,$XYMONSERVERIP (for xymon) set.
>
> I know for a fact that these settings were not manually added to the xymond
> daemon CMDs on our servers, so this appears to be the default, which means
> that by default Xymon (and Hobbit) systems are "not vulnerable."

Several people have pointed this out to me - I was mistaken when I wrote the vulnerability notice for Bugtraq. You are correct that the default installation is not vulnerable.


Regards,
Henrik
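The thread turns on whether the running xymond actually carries --admin-senders, which is what decides if the administrative commands are reachable from any IP. The script below is an added example, not code from the Xymon project or from either poster: it takes an xymond command line (from the argument, or from ps when run with --live) and reports whether --admin-senders is present and restrictive. The sample command lines are constructed; 192.0.2.10 stands in for an expanded $XYMONSERVERIP, and the 0.0.0.0/0 check assumes Xymon's "ip" or "ip/maskbits" sender syntax.

```shell
#!/bin/sh
# Added example (not Xymon's own code, not from this thread): verify that
# an xymond invocation restricts administrative commands to listed senders.
#
# Prints the --admin-senders list and returns:
#   0  the option is set to an explicit list
#   1  the option is missing, so any IP may send admin commands
#   2  the list contains 0.0.0.0/0, which matches every sender
#      (assumes Xymon's "ip" / "ip/maskbits" sender-list syntax)
xymond_admin_senders() {
    cmdline=$1
    # Pull the value that follows --admin-senders= up to the next blank
    senders=$(printf '%s\n' "$cmdline" | sed -n 's/.*--admin-senders=\([^ ]*\).*/\1/p')
    if [ -z "$senders" ]; then
        echo "xymond runs without --admin-senders: admin commands accepted from any IP" >&2
        return 1
    fi
    printf '%s\n' "$senders"
    # A zero-length network prefix admits everyone
    case ",$senders," in
        *,0.0.0.0/0,*)
            echo "--admin-senders contains 0.0.0.0/0: effectively unrestricted" >&2
            return 2 ;;
    esac
    return 0
}

# Inspect the live daemon. Assumes a ps that accepts -C and -o args=
# (procps does); returns 3 if no xymond process is running.
check_running_xymond() {
    live=$(ps -C xymond -o args= 2>/dev/null | head -n 1)
    if [ -z "$live" ]; then
        echo "no xymond process found" >&2
        return 3
    fi
    xymond_admin_senders "$live"
}

# Constructed sample command lines for offline use. SAMPLE_DEFAULT mirrors
# the default --admin-senders=127.0.0.1,$XYMONSERVERIP after xymonlaunch
# has expanded the variable; SAMPLE_OPEN is the same line with the option
# stripped, i.e. the configuration the Bugtraq notice warned about.
SAMPLE_DEFAULT='xymond --pidfile=/var/log/xymon/xymond.pid --admin-senders=127.0.0.1,192.0.2.10 --log=/var/log/xymon/xymond.log'
SAMPLE_OPEN='xymond --pidfile=/var/log/xymon/xymond.pid --log=/var/log/xymon/xymond.log'

if [ "$1" = "--live" ]; then
    check_running_xymond
else
    xymond_admin_senders "$SAMPLE_DEFAULT"
    xymond_admin_senders "$SAMPLE_OPEN" || true
fi
```

Run it with --live on a Xymon server to check the real process; without arguments it walks the two constructed samples. Note that the check reads the expanded argument list, so it also catches the case where $XYMONSERVERIP is empty in xymonserver.cfg and the option silently collapses to 127.0.0.1 alone, which is still restrictive but may break remote admin tools.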