Debian: New zabbix packages fix privilege escalation

- ------------------------------------------------------------------------Debian Security Advisory DSA-1420-1                  security@debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
December 05, 2007                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------Package        : zabbix
Vulnerability  : programming error
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-6210
Debian Bug     : 452682

Bas van Schaik discovered that the agentd process of Zabbix, a network
monitor system, may run user-supplied commands as group id root, not
zabbix, which may lead to a privilege escalation.

For the stable distribution (etch), this problem has been fixed in version
1:1.1.4-10etch1

zabbix is not included in the oldstable distribution (sarge).

We recommend that you upgrade your zabbix packages.

Upgrade instructions
- --------------------wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

      Size/MD5 checksum:      850 4b021367fae2f83903168622449ac3d5
      Size/MD5 checksum:    19016 853af44b6fa0f9519710af72d728283b
      Size/MD5 checksum:  1511210 8e733e41506dd34759daba01deeeefd9

Architecture independent packages:

      Size/MD5 checksum:   337552 2094fd712f01e85f293ffba7628271a3

alpha architecture (DEC Alpha)

      Size/MD5 checksum:   199540 d3c60f5e84c4c24622a93b7b88fcf21b
      Size/MD5 checksum:   134628 a1bc2d6920993443affd3a8751b9ca17
      Size/MD5 checksum:   208906 3c13b8046ff57e0fa8aea50f2be9ab55

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum:   121058 88afd49700d9c27830b144c976d01bbc
      Size/MD5 checksum:   187334 84ff800dfeeaaa15b5bc54da2c60d541
      Size/MD5 checksum:   197896 f287da9192ed398e4a91eeb466f5d0f2

arm architecture (ARM)

      Size/MD5 checksum:   114812 54d95bd62d7fc9c4f7f489b3a6aa61b1
      Size/MD5 checksum:   184154 a86d542d9e915e3218857f627987b4da
      Size/MD5 checksum:   195136 69e6a2e140d706ea2e2345af3e4c7079

hppa architecture (HP PA RISC)

      Size/MD5 checksum:   129776 94cf53bf377404b7e735e03958c06b45
      Size/MD5 checksum:   198254 61e71f3347893b5db188f84639aa5408
      Size/MD5 checksum:   207124 ba7edc382a338dd1c199f5195c70600c

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:   191732 2bf4f31683e0cbc336761bb289637935
      Size/MD5 checksum:   202436 895df858131cb2a7cdaf08872990a5ad
      Size/MD5 checksum:   127066 92ffdb635471d03e6557feb09c964b14

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:   127084 1ec77d9776f50835b0de53280f6d1566
      Size/MD5 checksum:   202602 0e6f7eacb323cd92e794374b3ace26f5
      Size/MD5 checksum:   191870 37f5495aa653af479e47fbd7eaa9d881

powerpc architecture (PowerPC)

      Size/MD5 checksum:   200586 d6f8539a23ef645e1acd89053d0ee9b4
      Size/MD5 checksum:   190128 f15156135f21e6038ea6ecbba9fd39b1
      Size/MD5 checksum:   124226 db888cf3cc5d4052f5df1faca2e2b959

s390 architecture (IBM S/390)

      Size/MD5 checksum:   186494 31fe6349c1df9707e07dcc7f3188f4fa
      Size/MD5 checksum:   120012 57d1846b5821c0160ec04fc896f035cb
      Size/MD5 checksum:   197310 73739f20a98209392de313cb1f43add7

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:   190724 2139419b2569163970b964008989ceef
      Size/MD5 checksum:   113630 2845f0b14a5a8d57b20cb4646af97f2a
      Size/MD5 checksum:   181714 275fe787f58c0cec7dcbdfe05505778f


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Debian: New zabbix packages fix privilege escalation

Summary

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By
