Vulnerabilities > CVE-2007-6210 - Unspecified vulnerability in Zabbix Agentd 1.1.4

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
zabbix
nessus
exploit available

Summary

zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.

Vulnerable Configurations

Part Description Count
Application
Zabbix
1

Exploit-Db

descriptionZABBIX 1.1.4/1.4.2 daemon_start Local Privilege Escalation Vulnerability. CVE-2007-6210. Local exploit for linux platform
idEDB-ID:30839
last seen2016-02-03
modified2007-12-03
published2007-12-03
reporterBas van Schaik
sourcehttps://www.exploit-db.com/download/30839/
titleZABBIX 1.1.4/1.4.2 - daemon_start Local Privilege Escalation Vulnerability

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-4160.NASL
    description - Sat Dec 1 2007 Dan Horak <dan[at]danny.cz> 1.4.2-3 - add security fix (#407181) - Thu Sep 20 2007 Dan Horak <dan[at]danny.cz> 1.4.2-2 - Fix paths (%_bindir -> %_sbindir) in init scripts (#297061) - Add a patch to clean a warning during compile - Add a patch to fix cpu load computations - Tue Sep 11 2007 Dan Horak <dan[at]danny.cz> 1.4.2-1 - New upstream release - Mon Jul 2 2007 Jarod Wilson <jwilson at redhat.com> 1.4.1-1 - New upstream release - Fri Jun 29 2007 Jarod Wilson <jwilson at redhat.com> 1.4-3 - Install correct sql init files (#244991) - Add Requires: php-bcmath to zabbix-web (#245767) - Wed May 30 2007 Jarod Wilson <jwilson at redhat.com> 1.4-2 - Add placeholder zabbix.conf.php - Tue May 29 2007 Jarod Wilson <jwilson at redhat.com> 1.4-1 - New upstream release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id29272
    published2007-12-11
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29272
    titleFedora 7 : zabbix-1.4.2-3.fc7 (2007-4160)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2007-4160.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29272);
      script_version ("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:26");
    
      script_cve_id("CVE-2007-6210");
      script_bugtraq_id(26680);
      script_xref(name:"FEDORA", value:"2007-4160");
    
      script_name(english:"Fedora 7 : zabbix-1.4.2-3.fc7 (2007-4160)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Sat Dec 1 2007 Dan Horak <dan[at]danny.cz> 1.4.2-3
    
        - add security fix (#407181)
    
        - Thu Sep 20 2007 Dan Horak <dan[at]danny.cz> 1.4.2-2
    
        - Fix paths (%_bindir -> %_sbindir) in init scripts
          (#297061)
    
        - Add a patch to clean a warning during compile
    
        - Add a patch to fix cpu load computations
    
        - Tue Sep 11 2007 Dan Horak <dan[at]danny.cz> 1.4.2-1
    
        - New upstream release
    
        - Mon Jul 2 2007 Jarod Wilson <jwilson at redhat.com>
          1.4.1-1
    
        - New upstream release
    
        - Fri Jun 29 2007 Jarod Wilson <jwilson at redhat.com>
          1.4-3
    
        - Install correct sql init files (#244991)
    
        - Add Requires: php-bcmath to zabbix-web (#245767)
    
        - Wed May 30 2007 Jarod Wilson <jwilson at redhat.com>
          1.4-2
    
        - Add placeholder zabbix.conf.php
    
        - Tue May 29 2007 Jarod Wilson <jwilson at redhat.com>
          1.4-1
    
        - New upstream release
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=407181"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2007-December/005658.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?76b9c01d"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(16);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:zabbix");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:zabbix-agent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:zabbix-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:zabbix-web");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC7", reference:"zabbix-1.4.2-3.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"zabbix-agent-1.4.2-3.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"zabbix-debuginfo-1.4.2-3.fc7")) flag++;
    if (rpm_check(release:"FC7", reference:"zabbix-web-1.4.2-3.fc7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "zabbix / zabbix-agent / zabbix-debuginfo / zabbix-web");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1420.NASL
    descriptionBas van Schaik discovered that the agentd process of Zabbix, a network monitor system, may run user-supplied commands as group id root, not zabbix, which may lead to a privilege escalation. zabbix is not included in the oldstable distribution (sarge).
    last seen2020-06-01
    modified2020-06-02
    plugin id29227
    published2007-12-07
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29227
    titleDebian DSA-1420-1 : zabbix - programming error
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1420. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(29227);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      script_cve_id("CVE-2007-6210");
      script_bugtraq_id(26680);
      script_xref(name:"DSA", value:"1420");
    
      script_name(english:"Debian DSA-1420-1 : zabbix - programming error");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Bas van Schaik discovered that the agentd process of Zabbix, a network
    monitor system, may run user-supplied commands as group id root, not
    zabbix, which may lead to a privilege escalation.
    
    zabbix is not included in the oldstable distribution (sarge)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452682"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2007/dsa-1420"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the zabbix packages.
    
    For the stable distribution (etch), this problem has been fixed in
    version 1:1.1.4-10etch1."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(16);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:zabbix");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/12/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"4.0", prefix:"zabbix-agent", reference:"1:1.1.4-10etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"zabbix-frontend-php", reference:"1:1.1.4-10etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"zabbix-server-mysql", reference:"1:1.1.4-10etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"zabbix-server-pgsql", reference:"1:1.1.4-10etch1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-4176.NASL
    description - Sat Dec 1 2007 Dan Horak <dan[at]danny.cz> 1.4.2-4 - add security fix (#407181) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id29275
    published2007-12-11
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/29275
    titleFedora 8 : zabbix-1.4.2-4.fc8 (2007-4176)