| Summary: | <net-analyzer/zabbix-{2.2.14,3.0.5,3.2.0}: Unsanitized input in toggle_ids array in latest.php causes SQL injection | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | alicef, patrick |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1367111 | ||
| Whiteboard: | B4 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
@ Arches, please test and mark stable: =net-analyzer/zabbix-2.2.15 amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. Cleaned in coordination with maintainer (alicef): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1a18ca5c204792aab0a70ac8303b779cae8a3db GLSA Vote: No |
From ${URL} : It was found that Zabbix 2.2.x, 3.0.x and trunk suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the toggle_ids array in the latest.php page. By exploiting this SQL injection vulnerability, an authenticated attacker (or guest user) is able to gain full access to the database. This would allow an attacker to escalate their privileges to a power user, compromise the database, or execute commands on the underlying database operating system. Although the attacker needs to be authenticated in general, the system could also be at risk if the adversary has no user account. Zabbix offers a guest mode which provides a low privileged default account for users without password. If this guest mode is enabled, the SQL injection vulnerability can be exploited unauthenticated. Upstream bug: https://support.zabbix.com/browse/ZBX-11023 External Reference: http://seclists.org/fulldisclosure/2016/Aug/60 @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.