Weak Permissions on IPC Message Queue in Xymon 4.1.x, 4.2.x, and 4.3.x

Weak Permissions on IPC Message Queue in Xymon 4.1.x, 4.2.x, and 4.3.x

CVE-2016-2057 · LOW Severity

AV:L/AC:L/AU:N/C:N/I:P/A:N

lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue.

Learn more about our User Device Pen Test.