MGASA-2013-0243

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2013-0243.html

Import Source

https://advisories.mageia.org/MGASA-2013-0243.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2013-0243

Related

CVE-2013-4173

Published

2013-08-11T12:20:08Z

Modified

2013-08-11T12:20:05Z

Summary

Updated xymon package fixes security vulnerability.

Details

A security vulnerability has been found in version 4.x of the Xymon Systems & Network Monitor tool

The error permits a remote attacker to delete files on the server running the Xymon trend-data daemon "xymond_rrd". File deletion is done with the privileges of the user that Xymon is running with, so it is limited to files available to the userid running the Xymon service. This includes all historical data stored by the Xymon monitoring system. (CVE-2013-4173)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:2 / xymon

Package

Name: xymon
Purl: pkg:rpm/mageia/xymon?arch=source&distro=mageia-2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.2.3-11.mga2

Ecosystem specific

{
    "section": "core"
}

Mageia:3 / xymon

Package

Name: xymon
Purl: pkg:rpm/mageia/xymon?arch=source&distro=mageia-3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.2.3-14.mga3

Ecosystem specific

{
    "section": "core"
}