{"id": "OPENVAS:866936", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for zabbix FEDORA-2013-14029", "description": "Check for the Version of zabbix", "published": "2013-10-03T00:00:00", "modified": "2018-01-23T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=866936", "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "references": ["2013-14029", "https://lists.fedoraproject.org/pipermail/package-announce/2013-September/117569.html"], "cvelist": ["CVE-2012-6086"], "lastseen": "2018-01-23T13:10:14", "viewCount": 1, "enchantments": {"score": {"value": 6.0, "vector": "NONE", "modified": "2018-01-23T13:10:14", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-6086"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310866936", "OPENVAS:867770", "OPENVAS:866991", "OPENVAS:1361412562310867140", "OPENVAS:1361412562310867932", "OPENVAS:866989", "OPENVAS:867140", "OPENVAS:1361412562310867830", "OPENVAS:1361412562310866989", "OPENVAS:1361412562310866991"]}, {"type": "nessus", "idList": ["FEDORA_2013-18314.NASL", "FEDORA_2013-18351.NASL", "FEDORA_2013-14029.NASL", "FEDORA_2013-18348.NASL"]}], "modified": "2018-01-23T13:10:14", "rev": 2}, "vulnersScore": 6.0}, "pluginID": "866936", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zabbix FEDORA-2013-14029\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866936);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-03 10:14:01 +0530 (Thu, 03 Oct 2013)\");\n script_cve_id(\"CVE-2012-6086\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Update for zabbix FEDORA-2013-14029\");\n\n tag_insight = \"Zabbix is software that monitors numerous parameters of a network and the\nhealth and integrity of servers. Zabbix uses a flexible notification mechanism\nthat allows users to configure e-mail based alerts for virtually any event.\nThis allows a fast reaction to server problems. Zabbix offers excellent\nreporting and data visualization features based on the stored data.\nThis makes Zabbix ideal for capacity planning.\n\nZabbix supports both polling and trapping. All Zabbix reports and statistics,\nas well as configuration parameters are accessed through a web-based front end.\nA web-based front end ensures that the status of your network and the health of\nyour servers can be assessed from any location. Properly configured, Zabbix can\nplay an important role in monitoring IT infrastructure. This is equally true\nfor small organizations with a few servers and for large companies with a\nmultitude of servers.\n\";\n\n tag_affected = \"zabbix on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-14029\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/117569.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of zabbix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"zabbix\", rpm:\"zabbix~2.0.6~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}

{"cve": [{"lastseen": "2020-10-03T12:06:12", "description": "libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.8rc1, and 2.1.x before 2.1.2 does not properly set the CURLOPT_SSL_VERIFYHOST option for libcurl, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", "edition": 3, "cvss3": {}, "published": "2014-01-29T18:55:00", "title": "CVE-2012-6086", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-6086"], "modified": "2016-08-18T14:48:00", "cpe": ["cpe:/a:zabbix:zabbix:1.8.10", "cpe:/a:zabbix:zabbix:2.0.5", "cpe:/a:zabbix:zabbix:2.0.4", "cpe:/a:zabbix:zabbix:2.0.2", "cpe:/a:zabbix:zabbix:2.0.3", "cpe:/a:zabbix:zabbix:2.1.0", "cpe:/a:zabbix:zabbix:2.0.1", "cpe:/a:zabbix:zabbix:1.8.15", "cpe:/a:zabbix:zabbix:2.0.0", "cpe:/a:zabbix:zabbix:1.8.16", "cpe:/a:zabbix:zabbix:2.1.1", "cpe:/a:zabbix:zabbix:2.0.6", "cpe:/a:zabbix:zabbix:1.8.1"], "id": "CVE-2012-6086", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6086", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:zabbix:zabbix:2.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:2.0.0:rc5:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:2.0.1:rc1:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:2.0.0:rc4:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:1.8.15:rc1:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:2.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:2.0.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:2.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:2.0.0:rc6:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:1.8.16:*:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:2.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:1.8.10:rc2:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:1.8.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:zabbix:zabbix:2.0.1:rc2:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6086"], "description": "Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechan ism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualization features based on the stored data. This makes Zabbix ideal for capacity planning. Zabbix supports both polling and trapping. All Zabbix reports and statistic s, as well as configuration parameters are accessed through a web-based front end. A web-based front end ensures that the status of your network and the healt h of your servers can be assessed from any location. Properly configured, Zabbix can play an important role in monitoring IT infrastructure. This is equally true for small organizations with a few servers and for large companies with a multitude of servers. ", "modified": "2013-09-30T00:29:35", "published": "2013-09-30T00:29:35", "id": "FEDORA:C3A7A2212E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: zabbix-2.0.6-3.fc19", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6086", "CVE-2013-5743"], "description": "Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechan ism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualization features based on the stored data. This makes Zabbix ideal for capacity planning. Zabbix supports both polling and trapping. All Zabbix reports and statistic s, as well as configuration parameters are accessed through a web-based front end. A web-based front end ensures that the status of your network and the healt h of your servers can be assessed from any location. Properly configured, Zabbix can play an important role in monitoring IT infrastructure. This is equally true for small organizations with a few servers and for large companies with a multitude of servers. ", "modified": "2013-10-14T17:20:21", "published": "2013-10-14T17:20:21", "id": "FEDORA:B248721A6A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: zabbix-2.0.8-3.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6086", "CVE-2013-5743"], "description": "Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechan ism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualization features based on the stored data. This makes Zabbix ideal for capacity planning. Zabbix supports both polling and trapping. All Zabbix reports and statistic s, as well as configuration parameters are accessed through a web-based front end. A web-based front end ensures that the status of your network and the healt h of your servers can be assessed from any location. Properly configured, Zabbix can play an important role in monitoring IT infrastructure. This is equally true for small organizations with a few servers and for large companies with a multitude of servers. ", "modified": "2013-10-13T19:54:40", "published": "2013-10-13T19:54:40", "id": "FEDORA:931CE2187D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: zabbix-2.0.8-3.fc20", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6086", "CVE-2013-5743"], "description": "Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechan ism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualization features based on the stored data. This makes Zabbix ideal for capacity planning. Zabbix supports both polling and trapping. All Zabbix reports and statistic s, as well as configuration parameters are accessed through a web-based front end. A web-based front end ensures that the status of your network and the healt h of your servers can be assessed from any location. Properly configured, Zabbix can play an important role in monitoring IT infrastructure. This is equally true for small organizations with a few servers and for large companies with a multitude of servers. ", "modified": "2013-10-14T07:06:38", "published": "2013-10-14T07:06:38", "id": "FEDORA:38CCC213AE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: zabbix-2.0.8-3.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6086", "CVE-2013-1364", "CVE-2013-5743"], "description": "Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechan ism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualization features based on the stored data. This makes Zabbix ideal for capacity planning. Zabbix supports both polling and trapping. All Zabbix reports and statistic s, as well as configuration parameters are accessed through a web-based front end. A web-based front end ensures that the status of your network and the healt h of your servers can be assessed from any location. Properly configured, Zabbix can play an important role in monitoring IT infrastructure. This is equally true for small organizations with a few servers and for large companies with a multitude of servers. ", "modified": "2013-10-14T07:02:15", "published": "2013-10-14T07:02:15", "id": "FEDORA:4A28721954", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: zabbix-2.0.8-3.fc18", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6086", "CVE-2013-1364", "CVE-2013-5743"], "description": "Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechan ism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualization features based on the stored data. This makes Zabbix ideal for capacity planning. Zabbix supports both polling and trapping. All Zabbix reports and statistic s, as well as configuration parameters are accessed through a web-based front end. A web-based front end ensures that the status of your network and the healt h of your servers can be assessed from any location. Properly configured, Zabbix can play an important role in monitoring IT infrastructure. This is equally true for small organizations with a few servers and for large companies with a multitude of servers. ", "modified": "2013-10-14T17:12:51", "published": "2013-10-14T17:12:51", "id": "FEDORA:7100221990", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: zabbix-2.0.8-3.fc18", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6086", "CVE-2013-5743", "CVE-2013-6824"], "description": "Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechan ism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualization features based on the stored data. This makes Zabbix ideal for capacity planning. Zabbix supports both polling and trapping. All Zabbix reports and statistic s, as well as configuration parameters are accessed through a web-based front end. A web-based front end ensures that the status of your network and the healt h of your servers can be assessed from any location. Properly configured, Zabbix can play an important role in monitoring IT infrastructure. This is equally true for small organizations with a few servers and for large companies with a multitude of servers. ", "modified": "2013-12-13T05:02:15", "published": "2013-12-13T05:02:15", "id": "FEDORA:349CD22C20", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: zabbix-2.0.9-2.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6086", "CVE-2013-5743", "CVE-2013-6824", "CVE-2014-1685"], "description": "Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechan ism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualization features based on the stored data. This makes Zabbix ideal for capacity planning. Zabbix supports both polling and trapping. All Zabbix reports and statistic s, as well as configuration parameters are accessed through a web-based front end. A web-based front end ensures that the status of your network and the healt h of your servers can be assessed from any location. Properly configured, Zabbix can play an important role in monitoring IT infrastructure. This is equally true for small organizations with a few servers and for large companies with a multitude of servers. ", "modified": "2014-05-23T18:55:36", "published": "2014-05-23T18:55:36", "id": "FEDORA:DC46C22232", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: zabbix-2.0.12-1.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6086", "CVE-2013-5743", "CVE-2013-6824", "CVE-2014-3005"], "description": "Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechan ism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualization features based on the stored data. This makes Zabbix ideal for capacity planning. Zabbix supports both polling and trapping. All Zabbix reports and statistic s, as well as configuration parameters are accessed through a web-based front end. A web-based front end ensures that the status of your network and the healt h of your servers can be assessed from any location. Properly configured, Zabbix can play an important role in monitoring IT infrastructure. This is equally true for small organizations with a few servers and for large companies with a multitude of servers. ", "modified": "2014-06-30T10:32:50", "published": "2014-06-30T10:32:50", "id": "FEDORA:329FF221FF", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: zabbix-2.0.12-3.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2012-6086", "CVE-2013-5572", "CVE-2013-5743", "CVE-2013-6824", "CVE-2014-1682", "CVE-2014-1685"], "description": "Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechan ism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers excellent reporting and data visualization features based on the stored data. This makes Zabbix ideal for capacity planning. Zabbix supports both polling and trapping. All Zabbix reports and statistic s, as well as configuration parameters are accessed through a web-based front end. A web-based front end ensures that the status of your network and the healt h of your servers can be assessed from any location. Properly configured, Zabbix can play an important role in monitoring IT infrastructure. This is equally true for small organizations with a few servers and for large companies with a multitude of servers. ", "modified": "2014-05-01T22:20:47", "published": "2014-05-01T22:20:47", "id": "FEDORA:803152150E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: zabbix-2.0.11-3.fc19", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:10:58", "description": "This update solves a security issue involving the use of libcurl in\nthe code used to access the eztexting service. It potentially allows\nfor man-in-the-middle attacks. The issue was described as\nCVE-2012-6086.\n\nPlease refer to https://support.zabbix.com/browse/ZBX-5924 for\ndetails!\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2013-09-30T00:00:00", "title": "Fedora 19 : zabbix-2.0.6-3.fc19 (2013-14029)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6086"], "modified": "2013-09-30T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:zabbix", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-14029.NASL", "href": "https://www.tenable.com/plugins/nessus/70203", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-14029.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70203);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-6086\");\n script_bugtraq_id(57103);\n script_xref(name:\"FEDORA\", value:\"2013-14029\");\n\n script_name(english:\"Fedora 19 : zabbix-2.0.6-3.fc19 (2013-14029)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update solves a security issue involving the use of libcurl in\nthe code used to access the eztexting service. It potentially allows\nfor man-in-the-middle attacks. The issue was described as\nCVE-2012-6086.\n\nPlease refer to https://support.zabbix.com/browse/ZBX-5924 for\ndetails!\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=892687\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-September/117569.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8754d792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.zabbix.com/browse/ZBX-5924\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected zabbix package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:zabbix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"zabbix-2.0.6-3.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zabbix\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:11:14", "description": " - New upstream version 2.0.8\n\n - Patch for CVE-2013-5743 (SQL injection vulnerability,\n ZBX-7091)\n\n - Patch for ZBX-6922 (Failing host XML import)\n\n - SQL speed-up patch for graphs (ZBX-6804)\n\n - Require php-ldap and ZBX-6992 (Service SQL)\n\n - Create and configure a spooling directory for fping\n files outside of /tmp\n\n - Update README to reflect that and add a SELinux\n section\n\n - Drop PrivateTmp from systemd unit files This update\n solves a security issue involving the use of libcurl\n in the code used to access the eztexting service. It\n potentially allows for man-in-the-middle attacks. The\n issue was described as CVE-2012-6086.\n\nPlease refer to https://support.zabbix.com/browse/ZBX-5924 for\ndetails!\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2013-10-15T00:00:00", "title": "Fedora 19 : zabbix-2.0.8-3.fc19 (2013-18351)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5743", "CVE-2012-6086"], "modified": "2013-10-15T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:zabbix", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2013-18351.NASL", "href": "https://www.tenable.com/plugins/nessus/70426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-18351.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70426);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-6086\");\n script_xref(name:\"FEDORA\", value:\"2013-18351\");\n\n script_name(english:\"Fedora 19 : zabbix-2.0.8-3.fc19 (2013-18351)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - New upstream version 2.0.8\n\n - Patch for CVE-2013-5743 (SQL injection vulnerability,\n ZBX-7091)\n\n - Patch for ZBX-6922 (Failing host XML import)\n\n - SQL speed-up patch for graphs (ZBX-6804)\n\n - Require php-ldap and ZBX-6992 (Service SQL)\n\n - Create and configure a spooling directory for fping\n files outside of /tmp\n\n - Update README to reflect that and add a SELinux\n section\n\n - Drop PrivateTmp from systemd unit files This update\n solves a security issue involving the use of libcurl\n in the code used to access the eztexting service. It\n potentially allows for man-in-the-middle attacks. The\n issue was described as CVE-2012-6086.\n\nPlease refer to https://support.zabbix.com/browse/ZBX-5924 for\ndetails!\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=892687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=983096\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119035.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?31229bc1\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119146.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4f46f154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.zabbix.com/browse/ZBX-5924\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected zabbix package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:zabbix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"zabbix-2.0.8-3.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zabbix\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:11:13", "description": " - New upstream version 2.0.8\n\n - Patch for CVE-2013-5743 (SQL injection vulnerability,\n ZBX-7091)\n\n - Patch for ZBX-6922 (Failing host XML import)\n\n - SQL speed-up patch for graphs (ZBX-6804)\n\n - Require php-ldap and ZBX-6992 (Service SQL)\n\n - Create and configure a spooling directory for fping\n files outside of /tmp\n\n - Update README to reflect that and add a SELinux\n section\n\n - Drop PrivateTmp from systemd unit files This update\n solves a security issue involving the use of libcurl\n in the code used to access the eztexting service. It\n potentially allows for man-in-the-middle attacks. The\n issue was described as CVE-2012-6086.\n\nPlease refer to https://support.zabbix.com/browse/ZBX-5924 for\ndetails!\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2013-10-15T00:00:00", "title": "Fedora 20 : zabbix-2.0.8-3.fc20 (2013-18314)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5743", "CVE-2012-6086"], "modified": "2013-10-15T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:zabbix", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2013-18314.NASL", "href": "https://www.tenable.com/plugins/nessus/70422", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-18314.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70422);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-6086\");\n script_xref(name:\"FEDORA\", value:\"2013-18314\");\n\n script_name(english:\"Fedora 20 : zabbix-2.0.8-3.fc20 (2013-18314)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - New upstream version 2.0.8\n\n - Patch for CVE-2013-5743 (SQL injection vulnerability,\n ZBX-7091)\n\n - Patch for ZBX-6922 (Failing host XML import)\n\n - SQL speed-up patch for graphs (ZBX-6804)\n\n - Require php-ldap and ZBX-6992 (Service SQL)\n\n - Create and configure a spooling directory for fping\n files outside of /tmp\n\n - Update README to reflect that and add a SELinux\n section\n\n - Drop PrivateTmp from systemd unit files This update\n solves a security issue involving the use of libcurl\n in the code used to access the eztexting service. It\n potentially allows for man-in-the-middle attacks. The\n issue was described as CVE-2012-6086.\n\nPlease refer to https://support.zabbix.com/browse/ZBX-5924 for\ndetails!\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=892687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=983096\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/118988.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?55db3ccf\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.zabbix.com/browse/ZBX-5924\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected zabbix package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:zabbix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"zabbix-2.0.8-3.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zabbix\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:11:14", "description": " - New upstream version 2.0.8\n\n - Patch for CVE-2013-5743 (SQL injection vulnerability,\n ZBX-7091)\n\n - Patch for ZBX-6922 (Failing host XML import)\n\n - SQL speed-up patch for graphs (ZBX-6804)\n\n - Require php-ldap and ZBX-6992 (Service SQL)\n\n - Create and configure a spooling directory for fping\n files outside of /tmp\n\n - Update README to reflect that and add a SELinux\n section\n\n - Drop PrivateTmp from systemd unit files This update\n solves a security issue involving the use of libcurl\n in the code used to access the eztexting service. It\n potentially allows for man-in-the-middle attacks. The\n issue was described as CVE-2012-6086.\n\nPlease refer to https://support.zabbix.com/browse/ZBX-5924 for\ndetails!\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2013-10-15T00:00:00", "title": "Fedora 18 : zabbix-2.0.8-3.fc18 (2013-18348)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5743", "CVE-2012-6086"], "modified": "2013-10-15T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:zabbix"], "id": "FEDORA_2013-18348.NASL", "href": "https://www.tenable.com/plugins/nessus/70425", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-18348.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70425);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-6086\");\n script_xref(name:\"FEDORA\", value:\"2013-18348\");\n\n script_name(english:\"Fedora 18 : zabbix-2.0.8-3.fc18 (2013-18348)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - New upstream version 2.0.8\n\n - Patch for CVE-2013-5743 (SQL injection vulnerability,\n ZBX-7091)\n\n - Patch for ZBX-6922 (Failing host XML import)\n\n - SQL speed-up patch for graphs (ZBX-6804)\n\n - Require php-ldap and ZBX-6992 (Service SQL)\n\n - Create and configure a spooling directory for fping\n files outside of /tmp\n\n - Update README to reflect that and add a SELinux\n section\n\n - Drop PrivateTmp from systemd unit files This update\n solves a security issue involving the use of libcurl\n in the code used to access the eztexting service. It\n potentially allows for man-in-the-middle attacks. The\n issue was described as CVE-2012-6086.\n\nPlease refer to https://support.zabbix.com/browse/ZBX-5924 for\ndetails!\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=892687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=983096\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119024.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?46e158ff\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119106.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?659e5c82\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.zabbix.com/browse/ZBX-5924\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected zabbix package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:zabbix\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"zabbix-2.0.8-3.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zabbix\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:38:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-6086"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-10-03T00:00:00", "id": "OPENVAS:1361412562310866936", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866936", "type": "openvas", "title": "Fedora Update for zabbix FEDORA-2013-14029", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zabbix FEDORA-2013-14029\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866936\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-03 10:14:01 +0530 (Thu, 03 Oct 2013)\");\n script_cve_id(\"CVE-2012-6086\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Update for zabbix FEDORA-2013-14029\");\n\n\n script_tag(name:\"affected\", value:\"zabbix on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-14029\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/117569.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zabbix'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"zabbix\", rpm:\"zabbix~2.0.6~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-01-22T13:10:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5743", "CVE-2012-6086"], "description": "Check for the Version of zabbix", "modified": "2018-01-22T00:00:00", "published": "2013-10-15T00:00:00", "id": "OPENVAS:866989", "href": "http://plugins.openvas.org/nasl.php?oid=866989", "type": "openvas", "title": "Fedora Update for zabbix FEDORA-2013-18351", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zabbix FEDORA-2013-18351\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866989);\n script_version(\"$Revision: 8483 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-22 07:58:04 +0100 (Mon, 22 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-15 13:01:13 +0530 (Tue, 15 Oct 2013)\");\n script_cve_id(\"CVE-2013-5743\", \"CVE-2012-6086\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for zabbix FEDORA-2013-18351\");\n\n tag_insight = \"Zabbix is software that monitors numerous parameters of a network and the\nhealth and integrity of servers. Zabbix uses a flexible notification mechanism\nthat allows users to configure e-mail based alerts for virtually any event.\nThis allows a fast reaction to server problems. Zabbix offers excellent\nreporting and data visualization features based on the stored data.\nThis makes Zabbix ideal for capacity planning.\n\nZabbix supports both polling and trapping. All Zabbix reports and statistics,\nas well as configuration parameters are accessed through a web-based front end.\nA web-based front end ensures that the status of your network and the health of\nyour servers can be assessed from any location. Properly configured, Zabbix can\nplay an important role in monitoring IT infrastructure. This is equally true\nfor small organizations with a few servers and for large companies with a\nmultitude of servers.\n\";\n\n tag_affected = \"zabbix on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-18351\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119035.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of zabbix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"zabbix\", rpm:\"zabbix~2.0.8~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-12-17T13:56:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5743", "CVE-2012-6086"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-10-15T00:00:00", "id": "OPENVAS:1361412562310866989", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866989", "type": "openvas", "title": "Fedora Update for zabbix FEDORA-2013-18351", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zabbix FEDORA-2013-18351\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866989\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-15 13:01:13 +0530 (Tue, 15 Oct 2013)\");\n script_cve_id(\"CVE-2013-5743\", \"CVE-2012-6086\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for zabbix FEDORA-2013-18351\");\n\n\n script_tag(name:\"affected\", value:\"zabbix on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-18351\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119035.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zabbix'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"zabbix\", rpm:\"zabbix~2.0.8~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:51:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1364", "CVE-2013-5743", "CVE-2012-6086"], "description": "Check for the Version of zabbix", "modified": "2017-07-10T00:00:00", "published": "2013-10-15T00:00:00", "id": "OPENVAS:866991", "href": "http://plugins.openvas.org/nasl.php?oid=866991", "type": "openvas", "title": "Fedora Update for zabbix FEDORA-2013-18348", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zabbix FEDORA-2013-18348\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(866991);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-15 13:02:06 +0530 (Tue, 15 Oct 2013)\");\n script_cve_id(\"CVE-2013-5743\", \"CVE-2012-6086\", \"CVE-2013-1364\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for zabbix FEDORA-2013-18348\");\n\n tag_insight = \"Zabbix is software that monitors numerous parameters of a network and the\nhealth and integrity of servers. Zabbix uses a flexible notification mechanism\nthat allows users to configure e-mail based alerts for virtually any event.\nThis allows a fast reaction to server problems. Zabbix offers excellent\nreporting and data visualization features based on the stored data.\nThis makes Zabbix ideal for capacity planning.\n\nZabbix supports both polling and trapping. All Zabbix reports and statistics,\nas well as configuration parameters are accessed through a web-based front end.\nA web-based front end ensures that the status of your network and the health of\nyour servers can be assessed from any location. Properly configured, Zabbix can\nplay an important role in monitoring IT infrastructure. This is equally true\nfor small organizations with a few servers and for large companies with a\nmultitude of servers.\n\";\n\n tag_affected = \"zabbix on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-18348\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119106.html\");\n script_summary(\"Check for the Version of zabbix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"zabbix\", rpm:\"zabbix~2.0.8~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-12-17T13:55:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1364", "CVE-2013-5743", "CVE-2012-6086"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-10-15T00:00:00", "id": "OPENVAS:1361412562310866991", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310866991", "type": "openvas", "title": "Fedora Update for zabbix FEDORA-2013-18348", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zabbix FEDORA-2013-18348\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.866991\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-15 13:02:06 +0530 (Tue, 15 Oct 2013)\");\n script_cve_id(\"CVE-2013-5743\", \"CVE-2012-6086\", \"CVE-2013-1364\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for zabbix FEDORA-2013-18348\");\n\n\n script_tag(name:\"affected\", value:\"zabbix on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-18348\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119106.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zabbix'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"zabbix\", rpm:\"zabbix~2.0.8~3.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6824", "CVE-2013-5743", "CVE-2012-6086"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:1361412562310867140", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867140", "type": "openvas", "title": "Fedora Update for zabbix FEDORA-2013-22764", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zabbix FEDORA-2013-22764\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867140\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:47:27 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-6824\", \"CVE-2013-5743\", \"CVE-2012-6086\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for zabbix FEDORA-2013-22764\");\n\n\n script_tag(name:\"affected\", value:\"zabbix on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-22764\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123446.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zabbix'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"zabbix\", rpm:\"zabbix~2.0.9~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:51:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6824", "CVE-2013-5743", "CVE-2012-6086"], "description": "Check for the Version of zabbix", "modified": "2017-07-10T00:00:00", "published": "2013-12-17T00:00:00", "id": "OPENVAS:867140", "href": "http://plugins.openvas.org/nasl.php?oid=867140", "type": "openvas", "title": "Fedora Update for zabbix FEDORA-2013-22764", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zabbix FEDORA-2013-22764\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867140);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-17 11:47:27 +0530 (Tue, 17 Dec 2013)\");\n script_cve_id(\"CVE-2013-6824\", \"CVE-2013-5743\", \"CVE-2012-6086\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for zabbix FEDORA-2013-22764\");\n\n tag_insight = \"Zabbix is software that monitors numerous parameters of a network and the\nhealth and integrity of servers. Zabbix uses a flexible notification mechanism\nthat allows users to configure e-mail based alerts for virtually any event.\nThis allows a fast reaction to server problems. Zabbix offers excellent\nreporting and data visualization features based on the stored data.\nThis makes Zabbix ideal for capacity planning.\n\nZabbix supports both polling and trapping. All Zabbix reports and statistics,\nas well as configuration parameters are accessed through a web-based front end.\nA web-based front end ensures that the status of your network and the health of\nyour servers can be assessed from any location. Properly configured, Zabbix can\nplay an important role in monitoring IT infrastructure. This is equally true\nfor small organizations with a few servers and for large companies with a\nmultitude of servers.\n\";\n\n tag_affected = \"zabbix on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-22764\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123446.html\");\n script_summary(\"Check for the Version of zabbix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"zabbix\", rpm:\"zabbix~2.0.9~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6824", "CVE-2013-5743", "CVE-2012-6086", "CVE-2014-1685"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-05-26T00:00:00", "id": "OPENVAS:1361412562310867830", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867830", "type": "openvas", "title": "Fedora Update for zabbix FEDORA-2014-6343", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zabbix FEDORA-2014-6343\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867830\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-26 13:31:42 +0530 (Mon, 26 May 2014)\");\n script_cve_id(\"CVE-2013-6824\", \"CVE-2013-5743\", \"CVE-2012-6086\", \"CVE-2014-1685\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for zabbix FEDORA-2014-6343\");\n script_tag(name:\"affected\", value:\"zabbix on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-6343\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133615.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zabbix'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"zabbix\", rpm:\"zabbix~2.0.12~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6824", "CVE-2013-5743", "CVE-2012-6086", "CVE-2014-3005"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-07-01T00:00:00", "id": "OPENVAS:1361412562310867932", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867932", "type": "openvas", "title": "Fedora Update for zabbix FEDORA-2014-7603", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zabbix FEDORA-2014-7603\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867932\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-01 15:46:19 +0530 (Tue, 01 Jul 2014)\");\n script_cve_id(\"CVE-2014-3005\", \"CVE-2013-6824\", \"CVE-2013-5743\", \"CVE-2012-6086\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for zabbix FEDORA-2014-7603\");\n script_tag(name:\"affected\", value:\"zabbix on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-7603\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134909.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zabbix'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"zabbix\", rpm:\"zabbix~2.0.12~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-6824", "CVE-2013-5743", "CVE-2013-5572", "CVE-2012-6086", "CVE-2014-1685", "CVE-2014-1682"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-05-05T00:00:00", "id": "OPENVAS:1361412562310867770", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867770", "type": "openvas", "title": "Fedora Update for zabbix FEDORA-2014-5551", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zabbix FEDORA-2014-5551\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867770\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-05-05 11:17:17 +0530 (Mon, 05 May 2014)\");\n script_cve_id(\"CVE-2014-1682\", \"CVE-2013-5572\", \"CVE-2014-1685\", \"CVE-2013-6824\",\n \"CVE-2013-5743\", \"CVE-2012-6086\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for zabbix FEDORA-2014-5551\");\n script_tag(name:\"affected\", value:\"zabbix on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-5551\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zabbix'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"zabbix\", rpm:\"zabbix~2.0.11~3.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}