Lucene search

K
mageiaGentoo FoundationMGASA-2014-0095
HistoryFeb 26, 2014 - 1:31 a.m.

Updated zabbix packages fix multiple vulnerabilities

2014-02-2601:31:27
Gentoo Foundation
advisories.mageia.org
9

5.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.01 Low

EPSS

Percentile

83.4%

Updated zabbix packages fix security vulnerabilities: Zabbix before 2.0.11 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code (CVE-2013-5572). Zabbix before 2.0.11 allows switching users without proper credentials when using HTTP authentication (CVE-2014-1682). In Zabbix before 2.0.11, the admin user is able to update media for other users (CVE-2014-1685).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchzabbix< 2.0.11-1zabbix-2.0.11-1.mga3
Mageia4noarchzabbix< 2.0.11-1zabbix-2.0.11-1.mga4

5.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.01 Low

EPSS

Percentile

83.4%