Vigil@nce - xymon: five vulnerabilities
April 2016 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit several vulnerabilities in xymon.
Impacted products: Debian.
Severity: 2/4.
Creation date: 29/02/2016.
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in xymon.
An attacker can generate a buffer overflow in Config, in order to
trigger a denial of service, and possibly to run code.
[severity:2/4; CVE-2016-2054]
An attacker can bypass security features in Config, in order to
obtain sensitive information. [severity:2/4; CVE-2016-2055]
An attacker can inject a command in Password Management, in
order to run code. [severity:2/4; CVE-2016-2056]
An attacker can bypass security features, in order to escalate
privileges. [severity:2/4; CVE-2016-2057]
An attacker can trigger a Cross Site Scripting in Status Webpages,
in order to run JavaScript code in the context of the web site.
[severity:2/4; CVE-2016-2058]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/xymon-five-vulnerabilities-19044