Hobbit Monitor config Method Traversal Arbitrary File Access
Medium Nessus Plugin ID 22181
Synopsis
The remote server is affected by an information disclosure vulnerability.

Description
The version of the Hobbit Monitor daemon installed on the remote host does not properly filter directory traversal sequences from the argument to the 'config' command. An unauthenticated attacker can leverage this flaw to retrieve arbitrary files from the affected host, subject to the privileges of the user ID under which hobbitd runs.

Solution
Upgrade to Hobbit version 4.1.2p2 or later.
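
The class of check whose absence the description reports, as an added example: this is not Hobbit's code or the vendor's fix. It validates a requested file name before it is joined to a configuration directory. The base directory `CONFIG_BASE` and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical directory that 'config' requests are allowed to read from. */
#define CONFIG_BASE "/opt/monitor/etc"

/* Return 1 if name is a plain relative path with no traversal, else 0. */
int config_name_is_safe(const char *name)
{
    const char *p;

    if (name == NULL || name[0] == '\0' || strlen(name) > 255)
        return 0;
    if (name[0] == '/')                      /* absolute path escapes the base */
        return 0;

    for (p = name; *p; p++) {                /* control bytes and backslashes */
        unsigned char c = (unsigned char)*p;
        if (c < 0x20 || c == 0x7f || c == '\\')
            return 0;
    }

    /* Walk '/'-separated components; reject "", "." and "..". */
    p = name;
    while (*p) {
        const char *end = strchr(p, '/');
        size_t n = end ? (size_t)(end - p) : strlen(p);
        if (n == 0) return 0;                            /* "a//b" */
        if (n == 1 && p[0] == '.') return 0;
        if (n == 2 && p[0] == '.' && p[1] == '.') return 0;
        p += n;
        if (*p == '/' && *++p == '\0') return 0;         /* trailing '/' */
    }
    return 1;
}

/* Write CONFIG_BASE/name to out. Return 0 on success, -1 if rejected. */
int config_resolve(const char *name, char *out, size_t outlen)
{
    int n;

    if (!config_name_is_safe(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s", CONFIG_BASE, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;      /* reject truncation */
}
```

The check is purely lexical, so it does not catch a symlink inside the base directory that points elsewhere; resolving the final path and confirming it still lies under the base closes that gap.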