Candidate: CVE-2016-2057
PublicDate: 2016-04-13 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2057
 http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
Description:
 lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 uses weak
 permissions (666) for an unspecified IPC message queue, which allows local
 users to inject arbitrary messages by writing to that queue.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Markus Krell
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N [3.3 LOW]

Patches_xymon:
upstream_xymon: released (4.3.25-1)
precise_xymon: ignored (reached end-of-life)
precise/esm_xymon: DNE (precise was needs-triage)
trusty_xymon: ignored (reached end-of-life)
trusty/esm_xymon: DNE (trusty was needed)
vivid/stable-phone-overlay_xymon: DNE
vivid/ubuntu-core_xymon: DNE
wily_xymon: ignored (reached end-of-life)
xenial_xymon: not-affected (4.3.25-1)
yakkety_xymon: not-affected (4.3.25-1)
zesty_xymon: not-affected (4.3.25-1)
artful_xymon: not-affected (4.3.25-1)
bionic_xymon: not-affected (4.3.25-1)
cosmic_xymon: not-affected (4.3.25-1)
disco_xymon: not-affected (4.3.25-1)
devel_xymon: not-affected (4.3.25-1)