| Summary: | <net-analyzer/zabbix-{1.8.16,2.0.4-r1}: ldap vulnerabilities ZBX-6097 (CVE-2013-1364) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Matthew Marlowe (RETIRED) <mattm> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | mattm |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://support.zabbix.com/browse/ZBX-6097 | | |
| Whiteboard: | B4 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Matthew Marlowe (RETIRED)
2013-01-18 22:52:39 UTC
Thanks for the report, Matthew. Is one of these versions ready for stabilization?

2.0.4-r1 was keyworded for testing a few days ago... I have been waiting on any bug reports and have yet to receive any.... Assuming no problems, it should become the new stable.

Let's go ahead and stabilize 2.0.4-r1 now then.... I haven't received any new bug reports for it since it was put in ~amd64/~x86 weeks ago. We'll leave 1.8.16 in testing and eventually remove 1.8.15.

amd64 stable

x86 stable

GLSA vote: yes. Added to existing GLSA draft.

This issue was resolved and addressed in GLSA 201311-15 at http://security.gentoo.org/glsa/glsa-201311-15.xml by GLSA coordinator Sergey Popov (pinkbyte).

CVE-2013-1364 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1364): The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter.