CVE-2007-6210 - zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allo

CVE-2007-6210

Summary

zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.

References

Vulnerable Configurations

cpe:2.3:a:zabbix:zabbix_agentd:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix_agentd:1.1.4:*:*:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	26680
confirm	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452682 http://www.zabbix.com/forum/showthread.php?t=8400
debian	DSA-1420
fedora	FEDORA-2007-4160 FEDORA-2007-4176
secunia	27903 27948 27978

Last major update

05-09-2008 - 21:32

Published

04-12-2007 - 01:46

Last modified

05-09-2008 - 21:32