{"id":"MGASA-2013-0243","summary":"Updated xymon package fixes security vulnerability.","details":"A security vulnerability has been found in version 4.x of the\nXymon Systems & Network Monitor tool \n\nThe error permits a remote attacker to delete files on the server\nrunning the Xymon trend-data daemon \"xymond_rrd\".\nFile deletion is done with the privileges of the user that Xymon is\nrunning with, so it is limited to files available to the userid\nrunning the Xymon service. This includes all historical data stored\nby the Xymon monitoring system. (CVE-2013-4173)\n","modified":"2026-04-16T06:25:03.986756570Z","published":"2013-08-11T12:20:08Z","upstream":["CVE-2013-4173"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0243.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=10874"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2013/07/27/3"}],"affected":[{"package":{"name":"xymon","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/xymon?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.3-11.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0243.json"}},{"package":{"name":"xymon","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/xymon?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.3-14.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0243.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}