This script is Copyright (C) 2016 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
J.C. Cleaver reports :
- CVE-2016-2054: Buffer overflow in xymond handling of 'config'
- CVE-2016-2055: Access to possibly confidential files in the Xymon
- CVE-2016-2056: Shell command injection in the 'useradm' and
'chpasswd' web applications
- CVE-2016-2057: Incorrect permissions on IPC queues used by the
xymond daemon can bypass IP access filtering
monitoring items; XSS vulnerability via malformed acknowledgment
See also :
Update the affected package.
Risk factor :
High / CVSS Base Score : 7.5