CVE-2016-2057

low

Description

lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 uses weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.

References

https://sourceforge.net/p/xymon/code/7891/

http://www.securityfocus.com/archive/1/537522/100/0/threaded

http://www.debian.org/security/2016/dsa-3495

http://packetstormsecurity.com/files/135758/Xymon-4.3.x-Buffer-Overflow-Code-Execution-Information-Disclosure.html

Details

Source: Mitre, NVD

Published: 2016-04-13

Updated: 2018-10-09

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 3.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Severity: Low