Your message dated Sat, 28 Mar 2009 16:17:08 +0000
with message-id <e1lnbdy-0001rx...@ries.debian.org>
and subject line Bug#518193: fixed in zabbix 1:1.6.3-1
has caused the Debian Bug report #518193,
regarding [SA34091] ZABBIX PHP Frontend Multiple Vulnerabilities
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
518193: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518193
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: zabbix-frontend-php
Severity: serious
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
The following SA (Secunia Advisory) id was published for
zabbix-frontend-php:
SA34091[1]:
> DESCRIPTION:
> Some vulnerabilities have been reported in the ZABBIX PHP frontend,
> which can be exploited by malicious people to conduct cross-site
> request forgery attacks and malicious users to disclose sensitive
> information and compromise a vulnerable system.
>
> 1) Input appended to and passed via the "extlang" parameter to the
> "calc_exp2()" function in include/validate.inc.php is not properly
> sanitised before being used. This can be exploited to inject and
> execute arbitrary PHP code.
>
> 2) The application allows users to perform certain actions via HTTP
> requests without performing any validity checks to verify the
> requests. This can be exploited to e.g. create users by enticing a
> logged in administrator to visit a malicious web page.
>
> 3) Input passed to the "srclang" parameter in locales.php (when
> "next" is set to a non-NULL value) is not properly verified before
> being used to include files. This can be exploited to include
> arbitrary files from local resources via directory traversal attacks
> and URL-encoded NULL bytes.
>
> The vulnerabilities are reported in version 1.6.2. Other versions may
> also be affected.
>
> SOLUTION:
> Edit the source code to ensure that input is properly sanitised and
> verified.
> Do not visit untrusted web sites while logged on to the application.
>
> PROVIDED AND/OR DISCOVERED BY:
> Antonio "s4tan" Parata, Francesco "ascii" Ongaro, and Giovanni
> "evilaliv3" Pellerano.
>
> ORIGINAL ADVISORY:
> http://www.ush.it/team/ush/hack-zabbix_162/adv.txt
Upstream fixed this issue in its svn repository (svn://svn.zabbix.com)
r6710, r6709, r6658, r6657, r6645, r6644, r6626-r6621
If you fix the vulnerability please also make sure to include the CVE id
(if available) in the changelog entry.
[1] http://secunia.com/advisories/34091/
Cheers,
Giuseppe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkmuxoMACgkQNxpp46476aqqsQCdFYZZF+l9mU/s8IrE2EzRAqL2
DfMAn1ZYYkuhXxpNW9ArWp6qOlJc6wdE
=Ns8S
-----END PGP SIGNATURE-----
--- End Message ---
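The advisory quoted above names two classic frontend defects beside the code-injection issue: a request parameter ("srclang") used to build an include path, reachable by directory traversal and URL-encoded NUL bytes, and state-changing actions that accept any request from a logged-in browser (CSRF). The snippet below is an added example written for this report; it is not Zabbix code and does not reproduce the fixes in the upstream revisions listed. It shows the defensive shape for both patterns: an allowlist that decides the include file instead of the raw parameter, and a per-session token required on every state-changing request. The function names, the language allowlist, the "sid" parameter and the session key are assumptions for the illustration. For the "extlang"/calc_exp2() issue the fix is simply never to pass request data into code evaluation, which needs no helper to demonstrate.

```php
<?php
// Added example, not Zabbix code: defensive handling for two of the
// input patterns described in SA34091. Names, allowlist and session
// keys below are assumptions made for the illustration.
declare(strict_types=1);

// Language codes the frontend actually ships (assumed list). Only one of
// these can ever reach include(); "../x", "en%00", or anything else that
// is not an exact entry is rejected before a path is built.
const ALLOWED_LANGS = ['en_gb', 'de_de', 'fr_fr', 'ru_ru'];

function validate_lang_code(string $lang): ?string
{
    // Shape check first: two letters, underscore, two letters. This alone
    // excludes slashes, dots and NUL bytes regardless of URL decoding.
    if (!preg_match('/^[a-z]{2}_[a-z]{2}$/', $lang)) {
        return null;
    }
    // Then the allowlist, with strict comparison so "0" or similar
    // coercions cannot match.
    return in_array($lang, ALLOWED_LANGS, true) ? $lang : null;
}

function locale_file_for(string $requested): string
{
    $code = validate_lang_code($requested);
    if ($code === null) {
        // Unknown or malformed request value: use a fixed default rather
        // than anything derived from the caller.
        $code = 'en_gb';
    }
    // The path is assembled only from the validated allowlist value.
    return __DIR__ . '/locales/' . $code . '.inc.php';
}

// CSRF protection: one random token per session, echoed into forms and
// links and required on every request that changes state (creating a
// user, editing configuration, ...).
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_check(array $request): bool
{
    $sent     = $request['sid'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    // hash_equals() keeps the comparison constant-time; a session without
    // a token never matches anything.
    return $expected !== '' && is_string($sent) && hash_equals($expected, $sent);
}

// Example dispatch for a state-changing action: a request carrying no
// valid token is refused, so a page an administrator merely visits while
// logged in cannot create users on their behalf.
function handle_user_create(array $request): string
{
    if (!csrf_check($request)) {
        http_response_code(403);
        return 'rejected: missing or invalid CSRF token';
    }
    // ... create the user from validated fields ...
    return 'ok';
}

// Usage (session_start() must have been called by the frontend):
// include locale_file_for($_GET['srclang'] ?? '');
// echo handle_user_create($_POST);
```

The two checks are independent: the include guard protects against traversal and NUL-byte truncation even on PHP builds that do not reject NUL in paths, and the token check is what turns "logged-in browser sent a request" into "the user intended this action". Both are cheap to audit because the dangerous sink (include(), the user-creation code) is reachable only through a single validated function.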
--- Begin Message ---
Source: zabbix
Source-Version: 1:1.6.3-1
We believe that the bug you reported is fixed in the latest version of
zabbix, which is due to be installed in the Debian FTP archive:
zabbix-agent_1.6.3-1_i386.deb
to pool/main/z/zabbix/zabbix-agent_1.6.3-1_i386.deb
zabbix-frontend-php_1.6.3-1_all.deb
to pool/main/z/zabbix/zabbix-frontend-php_1.6.3-1_all.deb
zabbix-proxy-mysql_1.6.3-1_i386.deb
to pool/main/z/zabbix/zabbix-proxy-mysql_1.6.3-1_i386.deb
zabbix-proxy-pgsql_1.6.3-1_i386.deb
to pool/main/z/zabbix/zabbix-proxy-pgsql_1.6.3-1_i386.deb
zabbix-server-mysql_1.6.3-1_i386.deb
to pool/main/z/zabbix/zabbix-server-mysql_1.6.3-1_i386.deb
zabbix-server-pgsql_1.6.3-1_i386.deb
to pool/main/z/zabbix/zabbix-server-pgsql_1.6.3-1_i386.deb
zabbix_1.6.3-1.diff.gz
to pool/main/z/zabbix/zabbix_1.6.3-1.diff.gz
zabbix_1.6.3-1.dsc
to pool/main/z/zabbix/zabbix_1.6.3-1.dsc
zabbix_1.6.3.orig.tar.gz
to pool/main/z/zabbix/zabbix_1.6.3.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 518...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Ablassmeier <a...@debian.org> (supplier of updated zabbix package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 28 Mar 2009 16:11:34 +0100
Source: zabbix
Binary: zabbix-agent zabbix-server-mysql zabbix-server-pgsql zabbix-frontend-php zabbix-proxy-pgsql zabbix-proxy-mysql
Architecture: source i386 all
Version: 1:1.6.3-1
Distribution: unstable
Urgency: low
Maintainer: Zabbix Maintainers <kobold-zab...@debian.org>
Changed-By: Michael Ablassmeier <a...@debian.org>
Description:
zabbix-agent - network monitoring solution - agent
zabbix-frontend-php - network monitoring solution - PHP front-end
zabbix-proxy-mysql - network monitoring solution - proxy (using PostgreSQL)
zabbix-proxy-pgsql - network monitoring solution - proxy (using MySQL)
zabbix-server-mysql - network monitoring solution - server (using MySQL)
zabbix-server-pgsql - network monitoring solution - server (using PostgreSQL)
Closes: 518193
Changes:
zabbix (1:1.6.3-1) unstable; urgency=low
.
[ Fabio Tranchitella ]
* New upstream release.
.
[ Michael Ablassmeier ]
* Includes fix for security issues in frontend (SA34091)
(Closes: #518193)
* Don't install directories in /var/run, they are created on boot time
by our init scripts.
Checksums-Sha1:
cec2706343eff42a5d33def73f606e929def944a 1470 zabbix_1.6.3-1.dsc
9cf16c8171506486d580906c4978b5dbae36c593 8323979 zabbix_1.6.3.orig.tar.gz
cc1bcca237ff03776622d55e0774e61a1bc1c83b 26662 zabbix_1.6.3-1.diff.gz
9c2f9e507eb74a8fdfc92b1c2ae1a74441e04e80 192908 zabbix-agent_1.6.3-1_i386.deb
fe00b660d893f675b9fc26963ebbdab4bbb64ace 538392 zabbix-server-mysql_1.6.3-1_i386.deb
8e5bd9e9cc89e99eb3aae6f546f2d9f4fbe0c83d 531102 zabbix-server-pgsql_1.6.3-1_i386.deb
5e289e88516db397ea5a47910ebdd2b6fefdde87 479192 zabbix-proxy-pgsql_1.6.3-1_i386.deb
edf2f9982ab273138700b12824be03e0746b915a 483684 zabbix-proxy-mysql_1.6.3-1_i386.deb
a11c98081063283d62d3bdba2e6c41e0ccb2a718 1283722 zabbix-frontend-php_1.6.3-1_all.deb
Checksums-Sha256:
bc706798981f82729a90ae3704e9fae66b3bff4689bb7b644d5d886b9f04ca65 1470 zabbix_1.6.3-1.dsc
e29428f8c7f7d56d189077fb29605b084b7c10c02cb04671923f686ef5299a31 8323979 zabbix_1.6.3.orig.tar.gz
9a3dd902d72bb6073e22928517940199e2d7f345fb241b40db4feb69e92d9146 26662 zabbix_1.6.3-1.diff.gz
ec88ff9012bc54ce1553ee941214990b0918ada8592ec13804ef48634f5cf585 192908 zabbix-agent_1.6.3-1_i386.deb
021cdfa9910fe8b40c56b8918b6b9e133fb947d58c5ebb0338bfffa18f3acc21 538392 zabbix-server-mysql_1.6.3-1_i386.deb
82beb9f8fd12e76cb2a4786a8fbadba7e6a806c9a49d02c340d4cc5fa0794b41 531102 zabbix-server-pgsql_1.6.3-1_i386.deb
64f6609384a7ba9f1a7b461440cbad57a205831856daec70d7c01ec1254a011f 479192 zabbix-proxy-pgsql_1.6.3-1_i386.deb
1ec6dfae8fdac0a0c59c1734d67352c7946e6e73de027cd3f7ab1ff478fd8f15 483684 zabbix-proxy-mysql_1.6.3-1_i386.deb
7502afe2ca28ece8b5920d625b275a405011fd53e727c130d511ab716ec69b66 1283722 zabbix-frontend-php_1.6.3-1_all.deb
Files:
4c27ed93dbc62a042e4f60f54e12b40b 1470 net optional zabbix_1.6.3-1.dsc
e0852158804ff548faf3a1c1344ffc0d 8323979 net optional zabbix_1.6.3.orig.tar.gz
527e5bf6b6fc3f2c4d63337555163009 26662 net optional zabbix_1.6.3-1.diff.gz
b83ba4212b6f17817f27f7d273f746c2 192908 net optional zabbix-agent_1.6.3-1_i386.deb
f42b1ff62bff19ea13e07c746013a7f3 538392 net optional zabbix-server-mysql_1.6.3-1_i386.deb
35ac60e8d79c09870b7a2d6751181ce2 531102 net optional zabbix-server-pgsql_1.6.3-1_i386.deb
fdeb2e83444936a55a2c9ba17c8a623e 479192 net optional zabbix-proxy-pgsql_1.6.3-1_i386.deb
39d149f6452f9c97efda513157a65dc3 483684 net optional zabbix-proxy-mysql_1.6.3-1_i386.deb
fa049eabb53c85a70924d3fa22a41cfc 1283722 net optional zabbix-frontend-php_1.6.3-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAknOR+4ACgkQEFV7g4B8rCXDmwCfREHjg+a9DNTuGjedrQgWcb25
KJEAn08+PV3aKsWKGoagPXeGQZWWtBLF
=eyWo
-----END PGP SIGNATURE-----
--- End Message ---