Hobbit Monitor config Method Traversal Arbitrary File Access

Medium Nessus Plugin ID 22181


The remote server is affected by an information disclosure vulnerability.


The version of the Hobbit Monitor daemon installed on the remote host does not properly filter directory traversal sequences from the argument to the 'config' command. An unauthenticated attacker can leverage this flaw to retrieve arbitrary files from the affected host, subject to the privileges of the user ID under which hobbitd runs.


Upgrade to Hobbit version 4.1.2p2 or later.


Plugin Details

Severity: Medium

ID: 22181

File Name: hobbitd_config_dir_traversal.nasl

Version: $Revision: 1.13 $

Type: remote

Family: Misc.

Published: 2006/08/08

Modified: 2015/09/24

Dependencies: 22180

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:U/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Vulnerability Publication Date: 2006/08/02

Reference Information

CVE: CVE-2006-4003

BID: 19317

OSVDB: 27752