CVE-2016-2057

CVE-2016-2057

EPSS 0.5%

lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html https://sourceforge.net/p/xymon/code/7891/http://www.debian.org/security/2016/dsa-3495 http://www.securityfocus.com/archive/1/537522/100/0/threaded