Package name
xymon
Date
2013-08-13
Advisory ID
MDVSA-2013:213
Affected versions
MBS1 x86_64

Problem description

Updated xymon package fixes security vulnerability:

A security vulnerability has been found in version 4.x of the Xymon
Systems & Network Monitor tool

The error permits a remote attacker to delete files on the server
running the Xymon trend-data daemon xymond_rrd. File deletion is
done with the privileges of the user that Xymon is running with,
so it is limited to files available to the userid running the Xymon
service. This includes all historical data stored by the Xymon
monitoring system. (CVE-2013-4173)

Updated packages

MBS1 x86_64

 ab484feeeb9ced671e5ff3df54ad7f7e  mbs1/x86_64/xymon-4.2.3-11.1.mbs1.x86_64.rpm
 3d0a758bf7dc9985044f549c13a0dc97  mbs1/x86_64/xymon-client-4.2.3-11.1.mbs1.x86_64.rpm 
 92035829a0eb4589726521bbad6f6a35  mbs1/SRPMS/xymon-4.2.3-11.1.mbs1.src.rpm

References