[zabbix] [CVE-2007-6210] privilege escalation
Bug #174356 reported by
disabled.user
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| zabbix (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
| Edgy |
Won't Fix
|
Undecided
|
Unassigned | ||
| Feisty |
Won't Fix
|
Undecided
|
Unassigned | ||
| Gutsy |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
References:
[1] DSA-1420-1 (http://
[2] Debian Bug #452682 (http://
[3] CVE-2007-6210 (http://
Quoting [1]:
"Bas van Schaik discovered that the agentd process of Zabbix, a network monitor system, may run user-supplied commands as group id root, not zabbix, which may lead to a privilege escalation."
CVE References
| Changed in zabbix: | |
| assignee: | nobody → emgent |
| importance: | Undecided → High |
| status: | New → In Progress |
| Changed in zabbix: | |
| assignee: | emgent → nobody |
| status: | In Progress → Confirmed |
Revision history for this message
| William Grant (wgrant) wrote | #1 |
| Changed in zabbix: | |
| status: | Confirmed → Fix Released |
Revision history for this message
| Sergio Zanchetta (primes2h) wrote | #4 |
| Changed in zabbix (Ubuntu Gutsy): | |
| status: | New → Won't Fix |
To post a comment you must log in.
Fixed in Hardy.