ESB-2007.0980

Operating System:
[UNIX/Linux][Debian]
Published:
06 December 2007
Protect yourself against future threats.
//Service

Phishing Take-Down

Drawing on our strong international CERT relationships we have a high success rate in delivering phishing take-downs.
Resources > Security Bulletins > ESB-2007.0980
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                   ESB-2007.0980 -- [UNIX/Linux][Debian]
               New zabbix packages fix privilege escalation
                              6 December 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              zabbix
Publisher:            Debian
Operating System:     Debian GNU/Linux 4.0
                      UNIX variants (UNIX, Linux, OSX)
Impact:               Root Compromise
Access:               Remote/Unauthenticated
CVE Names:            CVE-2007-6210

Original Bulletin:    http://www.debian.org/security/2007/dsa-1420

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running zabbix check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1420-1                  security@debian.org
http://www.debian.org/security/                          Thijs Kinkhorst
December 05, 2007                     http://www.debian.org/security/faq
- - ------------------------------------------------------------------------

Package        : zabbix
Vulnerability  : programming error
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-6210
Debian Bug     : 452682

Bas van Schaik discovered that the agentd process of Zabbix, a network
monitor system, may run user-supplied commands as group id root, not
zabbix, which may lead to a privilege escalation.

For the stable distribution (etch), this problem has been fixed in version
1:1.1.4-10etch1

zabbix is not included in the oldstable distribution (sarge).

We recommend that you upgrade your zabbix packages.

Upgrade instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- - -------------------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/z/zabbix/zabbix_1.1.4-10etch1.dsc
    Size/MD5 checksum:      850 4b021367fae2f83903168622449ac3d5
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix_1.1.4-10etch1.diff.gz
    Size/MD5 checksum:    19016 853af44b6fa0f9519710af72d728283b
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix_1.1.4.orig.tar.gz
    Size/MD5 checksum:  1511210 8e733e41506dd34759daba01deeeefd9

Architecture independent packages:

  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-frontend-php_1.1.4-10etch1_all.deb
    Size/MD5 checksum:   337552 2094fd712f01e85f293ffba7628271a3

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_alpha.deb
    Size/MD5 checksum:   199540 d3c60f5e84c4c24622a93b7b88fcf21b
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-agent_1.1.4-10etch1_alpha.deb
    Size/MD5 checksum:   134628 a1bc2d6920993443affd3a8751b9ca17
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_alpha.deb
    Size/MD5 checksum:   208906 3c13b8046ff57e0fa8aea50f2be9ab55

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-agent_1.1.4-10etch1_amd64.deb
    Size/MD5 checksum:   121058 88afd49700d9c27830b144c976d01bbc
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_amd64.deb
    Size/MD5 checksum:   187334 84ff800dfeeaaa15b5bc54da2c60d541
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_amd64.deb
    Size/MD5 checksum:   197896 f287da9192ed398e4a91eeb466f5d0f2

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-agent_1.1.4-10etch1_arm.deb
    Size/MD5 checksum:   114812 54d95bd62d7fc9c4f7f489b3a6aa61b1
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_arm.deb
    Size/MD5 checksum:   184154 a86d542d9e915e3218857f627987b4da
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_arm.deb
    Size/MD5 checksum:   195136 69e6a2e140d706ea2e2345af3e4c7079

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-agent_1.1.4-10etch1_hppa.deb
    Size/MD5 checksum:   129776 94cf53bf377404b7e735e03958c06b45
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_hppa.deb
    Size/MD5 checksum:   198254 61e71f3347893b5db188f84639aa5408
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_hppa.deb
    Size/MD5 checksum:   207124 ba7edc382a338dd1c199f5195c70600c

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_mips.deb
    Size/MD5 checksum:   191732 2bf4f31683e0cbc336761bb289637935
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_mips.deb
    Size/MD5 checksum:   202436 895df858131cb2a7cdaf08872990a5ad
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-agent_1.1.4-10etch1_mips.deb
    Size/MD5 checksum:   127066 92ffdb635471d03e6557feb09c964b14

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-agent_1.1.4-10etch1_mipsel.deb
    Size/MD5 checksum:   127084 1ec77d9776f50835b0de53280f6d1566
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_mipsel.deb
    Size/MD5 checksum:   202602 0e6f7eacb323cd92e794374b3ace26f5
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_mipsel.deb
    Size/MD5 checksum:   191870 37f5495aa653af479e47fbd7eaa9d881

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_powerpc.deb
    Size/MD5 checksum:   200586 d6f8539a23ef645e1acd89053d0ee9b4
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_powerpc.deb
    Size/MD5 checksum:   190128 f15156135f21e6038ea6ecbba9fd39b1
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-agent_1.1.4-10etch1_powerpc.deb
    Size/MD5 checksum:   124226 db888cf3cc5d4052f5df1faca2e2b959

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_s390.deb
    Size/MD5 checksum:   186494 31fe6349c1df9707e07dcc7f3188f4fa
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-agent_1.1.4-10etch1_s390.deb
    Size/MD5 checksum:   120012 57d1846b5821c0160ec04fc896f035cb
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_s390.deb
    Size/MD5 checksum:   197310 73739f20a98209392de313cb1f43add7

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_sparc.deb
    Size/MD5 checksum:   190724 2139419b2569163970b964008989ceef
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-agent_1.1.4-10etch1_sparc.deb
    Size/MD5 checksum:   113630 2845f0b14a5a8d57b20cb4646af97f2a
  http://security.debian.org/pool/updates/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_sparc.deb
    Size/MD5 checksum:   181714 275fe787f58c0cec7dcbdfe05505778f


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHVvhfYrVLjBFATsMRAtztAJ4tPwqq/mnldOLs5uOV6q4fR8a0DwCeNjNu
mHiRd9dwvpiLl50n5eJi5Hk=
=QVTQ
- -----END PGP SIGNATURE-----


- -- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBR1c8Lih9+71yA2DNAQK0lgQAhj8Oa8mTGlWnmm8I0ODsQbytq+2dOaQz
RqyAF80x0ivkIyfNaTsT8tMut00AvvLsTjDP8wqC6EgDwhL2mX7N+S6oDpRFcsIV
FSiVL94YqsrVR+FpmA1LspQh5w//WdwgrpHwIVlMOfbUEhix5iNd+LkhNZZk+kc1
9+cGW+S1Dgo=
=03e0
-----END PGP SIGNATURE-----