Name | CVE-2016-2055 |
---|---|
Description | xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allows remote attackers to read arbitrary files in the configuration directory via a "config" command. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DLA-488-1, DSA-3495-1 |

The table below lists information on source packages.

Source Package | Release | Version | Status |
---|---|---|---|
xymon (PTS) | bookworm, bullseye | 4.3.30-1 | fixed |
xymon (PTS) | sid, trixie | 4.3.30-4 | fixed |

The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
xymon | source | wheezy | 4.3.0~beta2.dfsg-9.1+deb7u1 | | DLA-488-1 | |
xymon | source | jessie | 4.3.17-6+deb8u1 | | DSA-3495-1 | |
xymon | source | (unstable) | 4.3.25-1 | | | |

http://lists.xymon.com/pipermail/xymon/2016-February/042986.html