Bug#996778: xymon-client: disable logfetch's ability to execute arbitrary code

Axel Beckert Mon, 18 Oct 2021 12:57:13 -0700

Hi again,

Christoph Zechner wrote:
> Severity: critical


This is clearly not "critical". Myon already fixed that.

> Justification: root security hole

It is also no root security hole. It gives you access to the xymon
user only. (If the admin configured the xymon user to be able to use
sudo, that's another problem.)

                Regards, Axel
-- 
 ,''`.  |  Axel Beckert <a...@debian.org>, https://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE

Bug#996778: xymon-client: disable logfetch's ability to execute arbitrary code

Reply via email to