CVE-2016-2054

Name of the Vulnerable Software and Affected Versions Xymon versions 4.1.x through 4.3.x before 4.3.25

Description The issue is caused by multiple buffer overflows in the xymond/xymond.c file, allowing remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long filename, involving handling a "config" command.

Recommendations For versions 4.1.x through 4.3.x before 4.3.25, update to version 4.3.25 or later to resolve the issue. As a temporary workaround, consider restricting access to the config command in the xymond/xymond.c file until a patch is available.