Launchpad CVE tracker

CVE 2013-4173

Directory traversal vulnerability in the trend-data daemon (xymond_rrd) in Xymon 4.x before 4.3.12 allows remote attackers to delete arbitrary files via a .. (dot dot) in the host name in a "drophost" command.

Related bugs and status

CVE-2013-4173 (Candidate) is related to these bugs:

Bug #1172436: Filenames not updated in xymon-client.logrotate

Summary				In	Importance	Status
	1172436	Filenames not updated in xymon-client.logrotate		xymon (Ubuntu)	Undecided	Fix Released

Bug #1325129: Sync xymon 4.3.17-2 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	1325129	Sync xymon 4.3.17-2 (universe) from Debian unstable (main)		xymon (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2013072...
CONFIRM: http://sourceforge.net...
MANDRIVA: MDVSA-2013:213

Launchpad.net

CVE 2013-4173

Related bugs and status

Related bugs

References