Vulnerabilities > CVE-2014-1685 - Security Bypass vulnerability in Zabbix

CVSS 5.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
zabbix
fedoraproject
nessus

Summary

The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.

Vulnerable Configurations

Part Description Count
Application
Zabbix
157
OS
Fedoraproject
2

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-5540.NASL
    descriptionThe logrotate configuration had no su statement in 2.0.11-2. Furthermore, the log file should have been created as zabbixsrv:zabbix for the proxy and server, what they are now. http://www.zabbix.com/rn2.0.11.php Also solves 3 security issues : - [ZBX-7703] fixed being able to switch users without proper credentials when using HTTP authentication; reference CVE-2014-1682 - [ZBX-6721] fixed LDAP authentication; reference CVE-2013-5572 - [ZBX-7693] fixed admin user being able to update media for other users; reference CVE-2014-1685 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-05-02
    plugin id73814
    published2014-05-02
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73814
    titleFedora 20 : zabbix-2.0.11-3.fc20 (2014-5540)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-5540.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when the scanner loads the plugin for its
    # metadata. It only declares attributes and leaves through exit(0) at the
    # end of the block, so no host data is read here.
    if (description)
    {
      script_id(73814);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # One Fedora advisory, three CVEs. The CVSS vectors and exploit flags set
      # below are declared once for the whole plugin, so on their own they do not
      # say which of the three CVEs they were derived from.
      script_cve_id("CVE-2013-5572", "CVE-2014-1682", "CVE-2014-1685");
      script_bugtraq_id(62648, 65402);
      script_xref(name:"FEDORA", value:"2014-5540");
    
      script_name(english:"Fedora 20 : zabbix-2.0.11-3.fc20 (2014-5540)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # Advisory text copied from Fedora; the string below is emitted verbatim in
      # scan reports.
      script_set_attribute(
        attribute:"description", 
        value:
    "The logrotate configuration had no su statement in 2.0.11-2.
    Furthermore, the log file should have been created as zabbixsrv:zabbix
    for the proxy and server, what they are now.
    
    http://www.zabbix.com/rn2.0.11.php
    
    Also solves 3 security issues :
    
      - [ZBX-7703] fixed being able to switch users without
        proper credentials when using HTTP authentication;
        reference CVE-2014-1682
    
      - [ZBX-6721] fixed LDAP authentication; reference
        CVE-2013-5572
    
        - [ZBX-7693] fixed admin user being able to update media
          for other users; reference CVE-2014-1685
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://www.zabbix.com/rn2.0.11.php
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.zabbix.com/rn/rn2.0.11"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1013963"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1061563"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?994039ee"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected zabbix package."
      );
      # CVSS v2 base vector: network access, low complexity, a single
      # authentication step (Au:S), no confidentiality impact, partial integrity
      # and availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
      # CVSS v2 temporal vector: proof-of-concept exploit maturity, official fix
      # available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      # "local" plugin type: the finding comes from data gathered on the host
      # (the rpm list required below), not from probing the Zabbix frontend.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:zabbix");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # Declared prerequisites: these KB keys must exist for the check to be
      # useful. NOTE(review): presumably ssh_get_info.nasl fills them during a
      # credentialed scan - confirm; a scan without them yields no result for
      # this plugin rather than a "not vulnerable" verdict.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Package-level check for Fedora advisory 2014-5540 on Fedora 20.
    # Each gate below stops the plugin through audit() with a reason code, so a
    # host that was not assessable is reported as such rather than as clean.
    
    # Gate: local (credentialed) checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Gate: the release string must name Fedora and carry a numeric release.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
      audit(AUDIT_OS_NOT, "Fedora");
    
    rel_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(rel_match))
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    
    # Gate: only release 20 is covered by this advisory.
    os_ver = rel_match[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver))
      audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    # Gate: the installed-package list must have been collected.
    if (!get_kb_item("Host/RedHat/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Gate: only x86_64 and i386..i686 hosts are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # The verdict rests on one comparison against the fixed build.
    # rpm_check() comes from rpm.inc (not shown here); it is assumed to return
    # true when the installed zabbix package is older than the reference.
    # NOTE(review): whether zabbix sub-packages are covered by this single
    # reference depends on rpm_check - confirm.
    flag = 0;
    if (rpm_check(release:"FC20", reference:"zabbix-2.0.11-3.fc20"))
      flag += 1;
    
    
    if (!flag)
    {
      # No outdated package: distinguish "patched" from "not installed".
      tested = pkg_tests_get();
      if (tested)
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "zabbix");
    }
    else
    {
      # Outdated package found: report it, with package details when verbose.
      if (report_verbosity > 0)
        security_warning(port:0, extra:rpm_report_get());
      else
        security_warning(0);
      exit(0);
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-6373.NASL
    descriptionhttp://www.zabbix.com/rn2.0.12.php Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-05-25
    plugin id74170
    published2014-05-25
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74170
    titleFedora 20 : zabbix-2.0.12-1.fc20 (2014-6373)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-6373.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when the scanner loads the plugin for its
    # metadata. It only declares attributes and leaves through exit(0) at the
    # end of the block, so no host data is read here.
    if (description)
    {
      script_id(74170);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # This advisory is tied to a single CVE, so the CVSS vectors and exploit
      # flags below refer to CVE-2014-1685 only.
      script_cve_id("CVE-2014-1685");
      script_bugtraq_id(65446);
      script_xref(name:"FEDORA", value:"2014-6373");
    
      script_name(english:"Fedora 20 : zabbix-2.0.12-1.fc20 (2014-6373)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The Fedora advisory text is only a release-notes link; the string below
      # is emitted verbatim in scan reports.
      script_set_attribute(
        attribute:"description", 
        value:
    "http://www.zabbix.com/rn2.0.12.php
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://www.zabbix.com/rn2.0.12.php
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.zabbix.com/rn/rn2.0.12"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1095926"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133614.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?035436cf"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected zabbix package."
      );
      # CVSS v2 base vector: network access, low complexity, a single
      # authentication step (Au:S), no confidentiality impact, partial integrity
      # and availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
      # CVSS v2 temporal vector: exploit maturity unproven (E:U), official fix
      # available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin type: the finding comes from data gathered on the host
      # (the rpm list required below), not from probing the Zabbix frontend.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:zabbix");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # Declared prerequisites: these KB keys must exist for the check to be
      # useful. NOTE(review): presumably ssh_get_info.nasl fills them during a
      # credentialed scan - confirm; a scan without them yields no result for
      # this plugin rather than a "not vulnerable" verdict.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Package-level check for Fedora advisory 2014-6373 on Fedora 20.
    # Each gate below stops the plugin through audit() with a reason code, so a
    # host that was not assessable is reported as such rather than as clean.
    
    # Gate: local (credentialed) checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Gate: the release string must name Fedora and carry a numeric release.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
      audit(AUDIT_OS_NOT, "Fedora");
    
    rel_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(rel_match))
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    
    # Gate: only release 20 is covered by this advisory.
    os_ver = rel_match[1];
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver))
      audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);
    
    # Gate: the installed-package list must have been collected.
    if (!get_kb_item("Host/RedHat/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Gate: only x86_64 and i386..i686 hosts are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # The verdict rests on one comparison against the fixed build.
    # rpm_check() comes from rpm.inc (not shown here); it is assumed to return
    # true when the installed zabbix package is older than the reference.
    # NOTE(review): whether zabbix sub-packages are covered by this single
    # reference depends on rpm_check - confirm.
    flag = 0;
    if (rpm_check(release:"FC20", reference:"zabbix-2.0.12-1.fc20"))
      flag += 1;
    
    
    if (!flag)
    {
      # No outdated package: distinguish "patched" from "not installed".
      tested = pkg_tests_get();
      if (tested)
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "zabbix");
    }
    else
    {
      # Outdated package found: report it, with package details when verbose.
      if (report_verbosity > 0)
        security_warning(port:0, extra:rpm_report_get());
      else
        security_warning(0);
      exit(0);
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-6343.NASL
    descriptionhttp://www.zabbix.com/rn2.0.12.php Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-05-25
    plugin id74168
    published2014-05-25
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74168
    titleFedora 19 : zabbix-2.0.12-1.fc19 (2014-6343)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-6343.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when the scanner loads the plugin for its
    # metadata. It only declares attributes and leaves through exit(0) at the
    # end of the block, so no host data is read here.
    if (description)
    {
      script_id(74168);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # This advisory is tied to a single CVE, so the CVSS vectors and exploit
      # flags below refer to CVE-2014-1685 only.
      script_cve_id("CVE-2014-1685");
      script_bugtraq_id(65446);
      script_xref(name:"FEDORA", value:"2014-6343");
    
      script_name(english:"Fedora 19 : zabbix-2.0.12-1.fc19 (2014-6343)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # The Fedora advisory text is only a release-notes link; the string below
      # is emitted verbatim in scan reports.
      script_set_attribute(
        attribute:"description", 
        value:
    "http://www.zabbix.com/rn2.0.12.php
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://www.zabbix.com/rn2.0.12.php
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.zabbix.com/rn/rn2.0.12"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1095926"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/133615.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cfe24115"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected zabbix package."
      );
      # CVSS v2 base vector: network access, low complexity, a single
      # authentication step (Au:S), no confidentiality impact, partial integrity
      # and availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
      # CVSS v2 temporal vector: exploit maturity unproven (E:U), official fix
      # available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" plugin type: the finding comes from data gathered on the host
      # (the rpm list required below), not from probing the Zabbix frontend.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:zabbix");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # Declared prerequisites: these KB keys must exist for the check to be
      # useful. NOTE(review): presumably ssh_get_info.nasl fills them during a
      # credentialed scan - confirm; a scan without them yields no result for
      # this plugin rather than a "not vulnerable" verdict.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Package-level check for Fedora advisory 2014-6343 on Fedora 19.
    # Each gate below stops the plugin through audit() with a reason code, so a
    # host that was not assessable is reported as such rather than as clean.
    
    # Gate: local (credentialed) checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Gate: the release string must name Fedora and carry a numeric release.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
      audit(AUDIT_OS_NOT, "Fedora");
    
    rel_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(rel_match))
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    
    # Gate: only release 19 is covered by this advisory.
    os_ver = rel_match[1];
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver))
      audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
    
    # Gate: the installed-package list must have been collected.
    if (!get_kb_item("Host/RedHat/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Gate: only x86_64 and i386..i686 hosts are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # The verdict rests on one comparison against the fixed build.
    # rpm_check() comes from rpm.inc (not shown here); it is assumed to return
    # true when the installed zabbix package is older than the reference.
    # NOTE(review): whether zabbix sub-packages are covered by this single
    # reference depends on rpm_check - confirm.
    flag = 0;
    if (rpm_check(release:"FC19", reference:"zabbix-2.0.12-1.fc19"))
      flag += 1;
    
    
    if (!flag)
    {
      # No outdated package: distinguish "patched" from "not installed".
      tested = pkg_tests_get();
      if (tested)
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "zabbix");
    }
    else
    {
      # Outdated package found: report it, with package details when verbose.
      if (report_verbosity > 0)
        security_warning(port:0, extra:rpm_report_get());
      else
        security_warning(0);
      exit(0);
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2014-5551.NASL
    descriptionThe logrotate configuration had no su statement in 2.0.11-2. Furthermore, the log file should have been created as zabbixsrv:zabbix for the proxy and server, what they are now. http://www.zabbix.com/rn2.0.11.php Also solves 3 security issues : - [ZBX-7703] fixed being able to switch users without proper credentials when using HTTP authentication; reference CVE-2014-1682 - [ZBX-6721] fixed LDAP authentication; reference CVE-2013-5572 - [ZBX-7693] fixed admin user being able to update media for other users; reference CVE-2014-1685 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2014-05-02
    plugin id73815
    published2014-05-02
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/73815
    titleFedora 19 : zabbix-2.0.11-3.fc19 (2014-5551)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2014-5551.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when the scanner loads the plugin for its
    # metadata. It only declares attributes and leaves through exit(0) at the
    # end of the block, so no host data is read here.
    if (description)
    {
      script_id(73815);
      script_version("1.7");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # One Fedora advisory, three CVEs. The CVSS vectors and exploit flags set
      # below are declared once for the whole plugin, so on their own they do not
      # say which of the three CVEs they were derived from.
      script_cve_id("CVE-2013-5572", "CVE-2014-1682", "CVE-2014-1685");
      script_bugtraq_id(62648, 65402);
      script_xref(name:"FEDORA", value:"2014-5551");
    
      script_name(english:"Fedora 19 : zabbix-2.0.11-3.fc19 (2014-5551)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      # Advisory text copied from Fedora; the string below is emitted verbatim in
      # scan reports.
      script_set_attribute(
        attribute:"description", 
        value:
    "The logrotate configuration had no su statement in 2.0.11-2.
    Furthermore, the log file should have been created as zabbixsrv:zabbix
    for the proxy and server, what they are now.
    
    http://www.zabbix.com/rn2.0.11.php
    
    Also solves 3 security issues :
    
      - [ZBX-7703] fixed being able to switch users without
        proper credentials when using HTTP authentication;
        reference CVE-2014-1682
    
      - [ZBX-6721] fixed LDAP authentication; reference
        CVE-2013-5572
    
        - [ZBX-7693] fixed admin user being able to update media
          for other users; reference CVE-2014-1685
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://www.zabbix.com/rn2.0.11.php
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.zabbix.com/rn/rn2.0.11"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1013963"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1061563"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?3e6b2ae4"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected zabbix package."
      );
      # CVSS v2 base vector: network access, low complexity, a single
      # authentication step (Au:S), no confidentiality impact, partial integrity
      # and availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
      # CVSS v2 temporal vector: proof-of-concept exploit maturity, official fix
      # available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      # "local" plugin type: the finding comes from data gathered on the host
      # (the rpm list required below), not from probing the Zabbix frontend.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:zabbix");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/02");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # Declared prerequisites: these KB keys must exist for the check to be
      # useful. NOTE(review): presumably ssh_get_info.nasl fills them during a
      # credentialed scan - confirm; a scan without them yields no result for
      # this plugin rather than a "not vulnerable" verdict.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Package-level check for Fedora advisory 2014-5551 on Fedora 19.
    # Each gate below stops the plugin through audit() with a reason code, so a
    # host that was not assessable is reported as such rather than as clean.
    
    # Gate: local (credentialed) checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Gate: the release string must name Fedora and carry a numeric release.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
      audit(AUDIT_OS_NOT, "Fedora");
    
    rel_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(rel_match))
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    
    # Gate: only release 19 is covered by this advisory.
    os_ver = rel_match[1];
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver))
      audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
    
    # Gate: the installed-package list must have been collected.
    if (!get_kb_item("Host/RedHat/rpm-list"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Gate: only x86_64 and i386..i686 hosts are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
      audit(AUDIT_UNKNOWN_ARCH);
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # The verdict rests on one comparison against the fixed build.
    # rpm_check() comes from rpm.inc (not shown here); it is assumed to return
    # true when the installed zabbix package is older than the reference.
    # NOTE(review): whether zabbix sub-packages are covered by this single
    # reference depends on rpm_check - confirm.
    flag = 0;
    if (rpm_check(release:"FC19", reference:"zabbix-2.0.11-3.fc19"))
      flag += 1;
    
    
    if (!flag)
    {
      # No outdated package: distinguish "patched" from "not installed".
      tested = pkg_tests_get();
      if (tested)
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "zabbix");
    }
    else
    {
      # Outdated package found: report it, with package details when verbose.
      if (report_verbosity > 0)
        security_warning(port:0, extra:rpm_report_get());
      else
        security_warning(0);
      exit(0);
    }
    
  • NASL familyCGI abuses
    NASL idZABBIX_FRONTEND_2_2_2.NASL
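    descriptionAccording to its self-reported version number, the instance of Zabbix listening on the remote host is potentially affected by the following vulnerabilities : - An error exists related to LDAP authentication that could disclose the LDAP bind password. (CVE-2013-5572) - An error exists related to HTTP authentication, the API function 'user.login' call and user switching that could allow a security bypass. (CVE-2014-1682) - An error exists related to the user type 'Zabbix Admin' that could allow unauthorized application changes that should be reserved only for the user type 'Zabbix Super Admin'. (CVE-2014-1685) Note that Nessus has not tested for these issues but has instead relied only on the version in the Zabbix login page.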
    last seen2020-06-01
    modified2020-06-02
    plugin id72770
    published2014-03-03
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/72770
    titleZabbix < 1.8.20 / 2.0.11 / 2.2.2 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: taken when the scanner loads the plugin for its
    # metadata. It only declares attributes and leaves through exit(0) at the
    # end of the block, so no host is contacted here.
    if (description)
    {
      script_id(72770);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/26");
    
      # Three CVEs are reported by this one plugin; the cvss_score_source
      # attribute further down names the CVE the declared vector belongs to.
      script_cve_id("CVE-2013-5572", "CVE-2014-1682", "CVE-2014-1685");
      script_bugtraq_id(65402, 65446);
    
      script_name(english:"Zabbix < 1.8.20 / 2.0.11 / 2.2.2 Multiple Vulnerabilities");
      script_summary(english:"Checks Zabbix version");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web application may be affected by multiple vulnerabilities.");
      # The description states the limits of the check itself: the result is
      # derived from the version shown by the Zabbix login page, not from
      # exercising any of the three issues. The string is emitted verbatim in
      # scan reports.
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the instance of Zabbix
    listening on the remote host is potentially affected by the following
    vulnerabilities :
    
      - An error exists related to LDAP authentication that
        could disclose the LDAP bind password. (CVE-2013-5572)
    
      - An error exists related to HTTP authentication, the API
        function 'user.login' call and user switching that could
        allow a security bypass. (CVE-2014-1682)
    
      - An error exists related to the user type 'Zabbix Admin'
        that could allow unauthorized application changes that
        should be reserved only for the user type 'Zabbix Super
        Admin'. (CVE-2014-1685)
    
    Note that Nessus has not tested for thes issues but has instead relied
    only the version in the Zabbix login page.");
      script_set_attribute(attribute:"see_also", value:"https://www.zabbix.com/rn/rn1.8.20");
      script_set_attribute(attribute:"see_also", value:"http://www.zabbix.com/rn2.0.11.php");
      script_set_attribute(attribute:"see_also", value:"https://www.zabbix.com/rn/rn2.2.2");
      script_set_attribute(attribute:"see_also", value:"https://support.zabbix.com/browse/ZBX-6721");
      script_set_attribute(attribute:"see_also", value:"https://support.zabbix.com/browse/ZBX-7693");
      script_set_attribute(attribute:"see_also", value:"https://support.zabbix.com/browse/ZBX-7703");
      script_set_attribute(attribute:"solution", value:
    "Update Zabbix to version 1.8.20, 2.0.11, 2.2.2 or later.");
      # CVSS v2 base vector: network access, low complexity, a single
      # authentication step (Au:S), no confidentiality impact, partial integrity
      # and availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P");
      # CVSS v2 temporal vector: proof-of-concept exploit maturity, official fix
      # available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-1685");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/01/31");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/03");
    
      # Flagged as a potential vulnerability: a hit means "version in range",
      # which still has to be confirmed on the host (for example a distribution
      # package with a backported fix would report an old version string).
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:zabbix:zabbix");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Prerequisites: a detected Zabbix install in the KB and the paranoid
      # reporting setting. NOTE(review): presumably zabbix_frontend_detect.nasl
      # is what records the install and its version - confirm.
      script_dependencies("zabbix_frontend_detect.nasl");
      script_require_keys("www/zabbix", "Settings/ParanoidReport");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("webapp_func.inc");
    
    # Version-only check: the verdict comes from the Zabbix version recorded in
    # the KB for this port, compared against the fixed release of its branch.
    # No request exercising the issues is made by this code.
    port = get_http_port(default:80, php:TRUE);
    install = get_install_from_kb(appname:"zabbix", port:port, exit_on_fail:TRUE);
    
    dir = install['dir'];
    ver = install['ver'];
    install_url = build_url(port:port, qs:dir);
    
    # Without a version there is nothing to compare.
    if (ver == UNKNOWN_VER)
      audit(AUDIT_UNKNOWN_WEB_APP_VER, "Zabbix", install_url);
    
    # Banner-based results are reported only when the scan runs in paranoid
    # mode, because a version string alone cannot confirm the flaw.
    if (report_paranoia < 2)
      audit(AUDIT_PARANOID);
    
    # Pick the fixed release for the branch the installed version belongs to;
    # versions outside 1.8.x / 2.0.x / 2.2.x get no fix and are not flagged.
    # NOTE(review): the advisory text on this page names release candidates
    # (1.8.20rc2, 2.0.11rc2, 2.2.2rc1) as the first fixed builds; how
    # ver_compare() with strict:FALSE orders an "rc" suffix is not visible
    # here - confirm before relying on results for rc installs.
    fix = NULL;
    if (ver =~ "^1\.8\.")
      fix = '1.8.20';
    else if (ver =~ "^2\.0\.")
      fix = '2.0.11';
    else if (ver =~ "^2\.2\.")
      fix = '2.2.2';
    
    if (!isnull(fix) && ver_compare(ver:ver, fix:fix, strict:FALSE) < 0)
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  URL               : ' + install_url +
          '\n  Installed version : ' + ver +
          '\n  Fixed version     : 1.8.20 / 2.0.11 / 2.2.2' +
          '\n';
        security_warning(port:port, extra:report);
      }
      else
        security_warning(port);
      exit(0);
    }
    audit(AUDIT_WEB_APP_NOT_AFFECTED, "Zabbix", install_url, ver);