Search...

ZABBIX 'only_hostid' Parameter SQL Injection Vulnerability

2011-11-30T00:00:00

ID OPENVAS:1361412562310103348
Type openvas
Reporter This script is Copyright (C) 2011 Greenbone Networks GmbH
Modified 2018-10-20T00:00:00

Description

ZABBIX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_zabbix_50803.nasl 11997 2018-10-20 11:59:41Z mmartin $
#
# ZABBIX 'only_hostid' Parameter SQL Injection Vulnerability
#
# Authors:
# Michael Meyer &lt;michael.meyer@greenbone.net&gt;
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

CPE = "cpe:/a:zabbix:zabbix";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.103348");
  script_bugtraq_id(50803);
  script_cve_id("CVE-2011-4674");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_version("$Revision: 11997 $");
  script_name("ZABBIX 'only_hostid' Parameter SQL Injection Vulnerability");
  script_tag(name:"last_modification", value:"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $");
  script_tag(name:"creation_date", value:"2011-11-30 11:34:16 +0100 (Wed, 30 Nov 2011)");
  script_category(ACT_GATHER_INFO);
  script_family("Web application abuses");
  script_copyright("This script is Copyright (C) 2011 Greenbone Networks GmbH");
  script_dependencies("zabbix_detect.nasl", "zabbix_web_detect.nasl"); # nb: Only the Web-GUI is providing a version
  script_require_ports("Services/www", 80);
  script_mandatory_keys("Zabbix/Web/installed");

  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/50803");
  script_xref(name:"URL", value:"http://www.zabbix.com/index.php");
  script_xref(name:"URL", value:"https://support.zabbix.com/browse/ZBX-4385");

  script_tag(name:"summary", value:"ZABBIX is prone to an SQL-injection vulnerability because it fails
  to sufficiently sanitize user-supplied data before using it in an
  SQL query.");
  script_tag(name:"impact", value:"Exploiting this issue could allow an attacker to compromise the
  application, access or modify data, or exploit latent vulnerabilities
  in the underlying database.");
  script_tag(name:"affected", value:"ZABBIX versions 1.8.3 and 1.8.4 are vulnerable.");
  script_tag(name:"solution", value:"Updates are available. Please see the references for more details.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_banner_unreliable");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! port = get_app_port( cpe:CPE ) ) exit( 0 );
if( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );

if( version_is_equal( version:vers, test_version:"1.8.3" ) ||
    version_is_equal( version:vers, test_version:"1.8.4" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"See references" );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310103348", "type": "openvas", "bulletinFamily": "scanner", "title": "ZABBIX 'only_hostid' Parameter SQL Injection Vulnerability", "description": "ZABBIX is prone to an SQL-injection vulnerability because it fails\n to sufficiently sanitize user-supplied data before using it in an\n SQL query.", "published": "2011-11-30T00:00:00", "modified": "2018-10-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310103348", "reporter": "This script is Copyright (C) 2011 Greenbone Networks GmbH", "references": ["http://www.zabbix.com/index.php", "https://support.zabbix.com/browse/ZBX-4385", "http://www.securityfocus.com/bid/50803"], "cvelist": ["CVE-2011-4674"], "lastseen": "2019-05-29T18:39:26", "viewCount": 21, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-4674"]}, {"type": "dsquare", "idList": ["E-313"]}, {"type": "nessus", "idList": ["FEDORA_2011-16712.NASL", "FEDORA_2011-16745.NASL", "GENTOO_GLSA-201311-15.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310863861", "OPENVAS:863656", "OPENVAS:1361412562310121074", "OPENVAS:1361412562310863656", "OPENVAS:863861", "OPENVAS:1361412562310902769"]}, {"type": "exploitdb", "idList": ["EDB-ID:18155"]}, {"type": "gentoo", "idList": ["GLSA-201311-15"]}], "modified": "2019-05-29T18:39:26", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2019-05-29T18:39:26", "rev": 2}, "vulnersScore": 6.3}, "pluginID": "1361412562310103348", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_zabbix_50803.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# ZABBIX 'only_hostid' Parameter SQL Injection Vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:zabbix:zabbix\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.103348\");\n script_bugtraq_id(50803);\n script_cve_id(\"CVE-2011-4674\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 11997 $\");\n script_name(\"ZABBIX 'only_hostid' Parameter SQL Injection Vulnerability\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-11-30 11:34:16 +0100 (Wed, 30 Nov 2011)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2011 Greenbone Networks GmbH\");\n script_dependencies(\"zabbix_detect.nasl\", \"zabbix_web_detect.nasl\"); # nb: Only the Web-GUI is providing a version\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"Zabbix/Web/installed\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/50803\");\n script_xref(name:\"URL\", value:\"http://www.zabbix.com/index.php\");\n script_xref(name:\"URL\", value:\"https://support.zabbix.com/browse/ZBX-4385\");\n\n script_tag(name:\"summary\", value:\"ZABBIX is prone to an SQL-injection vulnerability because it fails\n to sufficiently sanitize user-supplied data before using it in an\n SQL query.\");\n script_tag(name:\"impact\", value:\"Exploiting this issue could allow an attacker to compromise the\n application, access or modify data, or exploit latent vulnerabilities\n in the underlying database.\");\n script_tag(name:\"affected\", value:\"ZABBIX versions 1.8.3 and 1.8.4 are vulnerable.\");\n script_tag(name:\"solution\", value:\"Updates are available. Please see the references for more details.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( version_is_equal( version:vers, test_version:\"1.8.3\" ) ||\n version_is_equal( version:vers, test_version:\"1.8.4\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"See references\" );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "naslFamily": "Web application abuses"}

{"cve": [{"lastseen": "2020-10-03T11:39:34", "description": "SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.", "edition": 3, "cvss3": {}, "published": "2011-12-02T18:55:00", "title": "CVE-2011-4674", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-4674"], "modified": "2017-08-29T01:30:00", "cpe": ["cpe:/a:zabbix:zabbix:1.8.3", "cpe:/a:zabbix:zabbix:1.8.4"], "id": "CVE-2011-4674", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4674", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:zabbix:zabbix:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:1.8.4:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:38:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4674"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:1361412562310863861", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863861", "type": "openvas", "title": "Fedora Update for zabbix FEDORA-2011-16745", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zabbix FEDORA-2011-16745\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070811.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863861\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:26:05 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-4674\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-16745\");\n script_name(\"Fedora Update for zabbix FEDORA-2011-16745\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zabbix'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"zabbix on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"zabbix\", rpm:\"zabbix~1.8.9~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4674"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-12-12T00:00:00", "id": "OPENVAS:1361412562310863656", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863656", "type": "openvas", "title": "Fedora Update for zabbix FEDORA-2011-16712", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zabbix FEDORA-2011-16712\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070820.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863656\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-12 12:02:18 +0530 (Mon, 12 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"FEDORA\", value:\"2011-16712\");\n script_cve_id(\"CVE-2011-4674\");\n script_name(\"Fedora Update for zabbix FEDORA-2011-16712\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zabbix'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"zabbix on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"zabbix\", rpm:\"zabbix~1.8.9~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-06T13:07:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4674"], "description": "Check for the Version of zabbix", "modified": "2018-01-04T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:863861", "href": "http://plugins.openvas.org/nasl.php?oid=863861", "type": "openvas", "title": "Fedora Update for zabbix FEDORA-2011-16745", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zabbix FEDORA-2011-16745\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ZABBIX is software that monitors numerous parameters of a network and\n the health and integrity of servers. ZABBIX uses a flexible\n notification mechanism that allows users to configure e-mail based\n alerts for virtually any event. This allows a fast reaction to server\n problems. ZABBIX offers excellent reporting and data visualisation\n features based on the stored data. This makes ZABBIX ideal for\n capacity planning.\n\n ZABBIX supports both polling and trapping. All ZABBIX reports and\n statistics, as well as configuration parameters are accessed through a\n web-based front end. A web-based front end ensures that the status of\n your network and the health of your servers can be assessed from any\n location. Properly configured, ZABBIX can play an important role in\n monitoring IT infrastructure. This is equally true for small\n organisations with a few servers and for large companies with a\n multitude of servers.\";\n\ntag_affected = \"zabbix on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070811.html\");\n script_id(863861);\n script_version(\"$Revision: 8285 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-04 07:29:16 +0100 (Thu, 04 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:26:05 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-4674\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-16745\");\n script_name(\"Fedora Update for zabbix FEDORA-2011-16745\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of zabbix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"zabbix\", rpm:\"zabbix~1.8.9~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:55:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4674"], "description": "Check for the Version of zabbix", "modified": "2017-07-10T00:00:00", "published": "2011-12-12T00:00:00", "id": "OPENVAS:863656", "href": "http://plugins.openvas.org/nasl.php?oid=863656", "type": "openvas", "title": "Fedora Update for zabbix FEDORA-2011-16712", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zabbix FEDORA-2011-16712\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"ZABBIX is software that monitors numerous parameters of a network and\n the health and integrity of servers. ZABBIX uses a flexible\n notification mechanism that allows users to configure e-mail based\n alerts for virtually any event. This allows a fast reaction to server\n problems. ZABBIX offers excellent reporting and data visualisation\n features based on the stored data. This makes ZABBIX ideal for\n capacity planning.\n\n ZABBIX supports both polling and trapping. All ZABBIX reports and\n statistics, as well as configuration parameters are accessed through a\n web-based front end. A web-based front end ensures that the status of\n your network and the health of your servers can be assessed from any\n location. Properly configured, ZABBIX can play an important role in\n monitoring IT infrastructure. This is equally true for small\n organisations with a few servers and for large companies with a\n multitude of servers.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"zabbix on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070820.html\");\n script_id(863656);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-12 12:02:18 +0530 (Mon, 12 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2011-16712\");\n script_cve_id(\"CVE-2011-4674\");\n script_name(\"Fedora Update for zabbix FEDORA-2011-16712\");\n\n script_summary(\"Check for the Version of zabbix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"zabbix\", rpm:\"zabbix~1.8.9~1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2020-05-12T17:31:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4674"], "description": "This host is running Zabbix and is prone to SQL injection\n vulnerability.", "modified": "2020-05-08T00:00:00", "published": "2011-12-15T00:00:00", "id": "OPENVAS:1361412562310902769", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902769", "type": "openvas", "title": "Zabbix 'only_hostid' Parameter SQL Injection Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Zabbix 'only_hostid' Parameter SQL Injection Vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:zabbix:zabbix\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902769\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_cve_id(\"CVE-2011-4674\");\n script_bugtraq_id(50803);\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-12-15 11:10:21 +0530 (Thu, 15 Dec 2011)\");\n script_name(\"Zabbix 'only_hostid' Parameter SQL Injection Vulnerability\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2011 SecPod\");\n script_family(\"Web application abuses\");\n script_dependencies(\"zabbix_web_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"Zabbix/Web/installed\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/45502/\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/71479\");\n script_xref(name:\"URL\", value:\"http://www.exploit-db.com/exploits/18155/\");\n script_xref(name:\"URL\", value:\"https://support.zabbix.com/browse/ZBX-4385\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to perform SQL Injection attack\n and gain sensitive information.\");\n script_tag(name:\"affected\", value:\"Zabbix version 1.8.4 and prior\");\n script_tag(name:\"insight\", value:\"The flaw is due to improper validation of user-supplied input passed\n via the 'only_hostid' parameter to 'popup.php', which allows attackers to\n manipulate SQL queries by injecting arbitrary SQL code.\");\n script_tag(name:\"solution\", value:\"Upgrade to Zabbix version 1.8.9 or later\");\n script_tag(name:\"summary\", value:\"This host is running Zabbix and is prone to SQL injection\n vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n script_xref(name:\"URL\", value:\"http://www.zabbix.com/index.php\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE, service:\"www\" ) ) exit( 0 );\nif( ! dir = get_app_location( cpe:CPE, port:port ) ) exit( 0 );\n\nurl = dir + \"/popup.php?dstfrm=form_scenario&dstfld1=application&srctbl=applications&srcfld1=name&only_hostid='\";\nif( http_vuln_check( port:port, url:url, pattern:\"You have an error in your SQL syntax;\" ) ) {\n report = http_report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4674", "CVE-2013-1364", "CVE-2010-1277", "CVE-2013-5572", "CVE-2011-3263", "CVE-2012-3435", "CVE-2011-2904"], "description": "Gentoo Linux Local Security Checks GLSA 201311-15", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121074", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121074", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201311-15", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201311-15.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121074\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:26:20 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201311-15\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in Zabbix. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201311-15\");\n script_cve_id(\"CVE-2010-1277\", \"CVE-2011-2904\", \"CVE-2011-3263\", \"CVE-2011-4674\", \"CVE-2012-3435\", \"CVE-2013-1364\", \"CVE-2013-5572\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201311-15\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"net-analyzer/zabbix\", unaffected: make_list(\"ge 2.0.9_rc1-r2\"), vulnerable: make_list(\"lt 2.0.9_rc1-r2\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "dsquare": [{"lastseen": "2019-05-29T15:31:56", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-4674"], "description": "Zabbix popup.php SQL Injection\n\nVulnerability Type: SQL Injection", "modified": "2013-04-02T00:00:00", "published": "2012-07-05T00:00:00", "id": "E-313", "href": "", "type": "dsquare", "title": "Zabbix <= 1.8.4 SQL Injection", "sourceData": "For the exploit source code contact DSquare Security sales team.", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2016-02-02T09:16:17", "description": "Zabbix <= 1.8.4 - (popup.php) SQL Injection. CVE-2011-4674. Webapps exploit for php platform", "published": "2011-11-24T00:00:00", "type": "exploitdb", "title": "Zabbix <= 1.8.4 - popup.php SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-4674"], "modified": "2011-11-24T00:00:00", "id": "EDB-ID:18155", "href": "https://www.exploit-db.com/exploits/18155/", "sourceData": "# Exploit Title: Zabbix <= 1.8.4 SQL Injection\r\n# Google Dork: \"Zabbix 1.8.4 Copyright 2001-2010 by SIA Zabbix\"\r\n# Date: November 24th, 2011\r\n# Author: Marcio Almeida\r\n# Software Link:\r\nhttp://sourceforge.net/projects/zabbix/files/ZABBIX%20Latest%20Stable/1.8.4/zabbix-1.8.4.tar.gz/download\r\n# Version: <= 1.8.4\r\n# Tested on: Linux\r\n\r\n=============================================\r\n- Release date: November 24th, 2011\r\n- Discovered by: Marcio Almeida\r\n- Severity: High\r\n=============================================\r\n- Google Dork: \"Zabbix 1.8.4 Copyright 2001-2010 by SIA Zabbix\"\r\n=============================================\r\n\r\nI. VULNERABILITY\r\n-------------------------\r\nZabbix <= 1.8.4 SQL Injection\r\n\r\nII. BACKGROUND\r\n-------------------------\r\nZabbix is an enterprise-class open source distributed monitoring solution.\r\nZabbix is software that monitors numerous parameters of a network and the\r\nhealth and integrity of servers. Properly configured, Zabbix can play an\r\nimportant role in monitoring IT infrastructure. This is equally true for\r\nsmall organisations with a few servers and for large companies with a\r\nmultitude of servers.\r\n\r\nIII. INTRODUCTION\r\n-------------------------\r\nZabbix version 1.8.3 and 1.8.4 has one vulnerability in the popup.php that\r\nenables an attacker to perform a SQL Injection Attack. No authentication\r\nrequired.\r\n\r\nIV. VULNERABLE CODE\r\n-------------------------\r\n\r\nFile popup.php line 1513:\r\n\r\n\r\n$sql = 'SELECT DISTINCT hostid,host '.\r\n ' FROM hosts'.\r\n ' WHERE '.DBin_node('hostid', $nodeid).\r\n ' AND status IN\r\n('.HOST_STATUS_PROXY_ACTIVE.','.HOST_STATUS_PROXY_PASSIVE.')'.\r\n ' ORDER BY host,hostid';\r\n$result = DBselect($sql);\r\n\r\n\r\nV. PROOF OF CONCEPT\r\n-------------------------\r\n\r\nBelow is a PoC request that retrieves all logins and MD5 password hashes of\r\nzabbix in MySQL Database:\r\n\r\nhttp://localhost/zabbix/popup.php?dstfrm=form_scenario&dstfld1=application&srctbl=applications&srcfld1=name&only_hostid=-1))%20union%20select%201,group_concat(surname,0x2f,passwd)%20from%20users%23\r\n\r\n\r\nVI. BUSINESS IMPACT\r\n-------------------------\r\nAn attacker could exploit the vulnerability to retrieve any data from\r\ndatabases accessible by zabbix db user.\r\nIn case zabbix has been given a more privileged mysql account the\r\nexploitation could go as far as code execution.\r\n\r\nAn important remark regards the fact that the version 1.8.4 of zabbix\r\nweb software is the current version installed by the apt-get command\r\nin debian linux distros.\r\n\r\nVII. SYSTEMS AFFECTED\r\n-------------------------\r\nVersions 1.8.3 and 1.8.4 are vulnerable.\r\n\r\nVIII. SOLUTION\r\n-------------------------\r\nUpgrade to version 1.8.9 that has just come out.\r\n\r\nIX. REFERENCES\r\n-------------------------\r\nhttp://www.zabbix.com\r\nhttps://support.zabbix.com/browse/ZBX-4385\r\nhttp://www.securityfocus.com/bid/50803/info\r\n\r\nX. CREDITS\r\n-------------------------\r\nThe vulnerability has been discovered by Marcio Almeida\r\nmarcio (at) alligatorteam (dot) org\r\n@marcioalm\r\nwww.alligatorteam.org\r\n\r\nXI. ACKNOWLEDGEMENTS\r\n-------------------------\r\nTo Heyder Andrade for development of Vulture.\r\nTo the Alligator Security Team.\r\n\r\nXII. LEGAL NOTICES\r\n-------------------------\r\nThe information contained within this advisory is supplied \"as-is\" with\r\nno warranties or guarantees of fitness of use or otherwise. I accept no\r\nresponsibility for any damage caused by the use or misuse of this\r\ninformation.\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/18155/"}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4674"], "description": "ZABBIX is software that monitors numerous parameters of a network and the health and integrity of servers. ZABBIX uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. ZABBIX offers excellent reporting and data visualisation features based on the stored data. This makes ZABBIX ideal for capacity planning. ZABBIX supports both polling and trapping. All ZABBIX reports and statistics, as well as configuration parameters are accessed through a web-based front end. A web-based front end ensures that the status of your network and the health of your servers can be assessed from any location. Properly configured, ZABBIX can play an important role in monitoring IT infrastructure. This is equally true for small organisations with a few servers and for large companies with a multitude of servers. ", "modified": "2011-12-11T21:49:16", "published": "2011-12-11T21:49:16", "id": "FEDORA:A6C5921308", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: zabbix-1.8.9-1.fc16", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4674"], "description": "ZABBIX is software that monitors numerous parameters of a network and the health and integrity of servers. ZABBIX uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. ZABBIX offers excellent reporting and data visualisation features based on the stored data. This makes ZABBIX ideal for capacity planning. ZABBIX supports both polling and trapping. All ZABBIX reports and statistics, as well as configuration parameters are accessed through a web-based front end. A web-based front end ensures that the status of your network and the health of your servers can be assessed from any location. Properly configured, ZABBIX can play an important role in monitoring IT infrastructure. This is equally true for small organisations with a few servers and for large companies with a multitude of servers. ", "modified": "2011-12-11T21:51:23", "published": "2011-12-11T21:51:23", "id": "FEDORA:0493F21371", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: zabbix-1.8.9-1.fc15", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:09:22", "description": " - update to 1.8.9\n\n - upstream changelog at\n http://www.zabbix.com/rn1.8.9.php\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "published": "2011-12-12T00:00:00", "title": "Fedora 15 : zabbix-1.8.9-1.fc15 (2011-16712)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4674"], "modified": "2011-12-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:zabbix", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-16712.NASL", "href": "https://www.tenable.com/plugins/nessus/57077", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-16712.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57077);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4674\");\n script_bugtraq_id(50803);\n script_xref(name:\"FEDORA\", value:\"2011-16712\");\n\n script_name(english:\"Fedora 15 : zabbix-1.8.9-1.fc15 (2011-16712)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to 1.8.9\n\n - upstream changelog at\n http://www.zabbix.com/rn1.8.9.php\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.zabbix.com/rn1.8.9.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.zabbix.com/rn/rn1.8.9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=759591\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/070820.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d5485bdd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected zabbix package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Zabbix <= 1.8.4 SQL Injection\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:zabbix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"zabbix-1.8.9-1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zabbix\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:09:22", "description": " - update to 1.8.9\n\n - upstream changelog at\n http://www.zabbix.com/rn1.8.9.php\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 28, "published": "2011-12-12T00:00:00", "title": "Fedora 16 : zabbix-1.8.9-1.fc16 (2011-16745)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4674"], "modified": "2011-12-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:zabbix", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2011-16745.NASL", "href": "https://www.tenable.com/plugins/nessus/57078", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-16745.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57078);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-4674\");\n script_bugtraq_id(50803);\n script_xref(name:\"FEDORA\", value:\"2011-16745\");\n\n script_name(english:\"Fedora 16 : zabbix-1.8.9-1.fc16 (2011-16745)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to 1.8.9\n\n - upstream changelog at\n http://www.zabbix.com/rn1.8.9.php\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://www.zabbix.com/rn1.8.9.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.zabbix.com/rn/rn1.8.9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=759591\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-December/070811.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a61de484\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected zabbix package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Zabbix <= 1.8.4 SQL Injection\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:zabbix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"zabbix-1.8.9-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zabbix\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:55:19", "description": "The remote host is affected by the vulnerability described in GLSA-201311-15\n(Zabbix: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Zabbix. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to execute arbitrary SQL statements, cause\n a Denial of Service condition, or obtain sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2013-11-26T00:00:00", "title": "GLSA-201311-15 : Zabbix: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-4674", "CVE-2013-1364", "CVE-2010-1277", "CVE-2013-5572", "CVE-2011-3263", "CVE-2012-3435", "CVE-2011-2904"], "modified": "2013-11-26T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:zabbix"], "id": "GENTOO_GLSA-201311-15.NASL", "href": "https://www.tenable.com/plugins/nessus/71089", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201311-15.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(71089);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-1277\", \"CVE-2011-2904\", \"CVE-2011-3263\", \"CVE-2011-4674\", \"CVE-2012-3435\", \"CVE-2013-1364\", \"CVE-2013-5572\");\n script_bugtraq_id(39148, 49016, 50803, 54661, 57471, 62648);\n script_xref(name:\"GLSA\", value:\"201311-15\");\n\n script_name(english:\"GLSA-201311-15 : Zabbix: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201311-15\n(Zabbix: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Zabbix. Please review\n the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker may be able to execute arbitrary SQL statements, cause\n a Denial of Service condition, or obtain sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201311-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Zabbix users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=net-analyzer/zabbix-2.0.9_rc1-r2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Zabbix <= 1.8.4 SQL Injection\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:zabbix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2010/04/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-analyzer/zabbix\", unaffected:make_list(\"ge 2.0.9_rc1-r2\"), vulnerable:make_list(\"lt 2.0.9_rc1-r2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Zabbix\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:46", "bulletinFamily": "unix", "cvelist": ["CVE-2011-4674", "CVE-2013-1364", "CVE-2010-1277", "CVE-2013-5572", "CVE-2011-3263", "CVE-2012-3435", "CVE-2011-2904"], "edition": 1, "description": "### Background\n\nZabbix is software for monitoring applications, networks, and servers.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Zabbix. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker may be able to execute arbitrary SQL statements, cause a Denial of Service condition, or obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Zabbix users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=net-analyzer/zabbix-2.0.9_rc1-r2\"", "modified": "2013-11-25T00:00:00", "published": "2013-11-25T00:00:00", "id": "GLSA-201311-15", "href": "https://security.gentoo.org/glsa/201311-15", "type": "gentoo", "title": "Zabbix: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}