Bug 407181 (CVE-2007-6210) - CVE-2007-6210 zabbix "UserParameter" scripts run with zabbix:root
Summary: CVE-2007-6210 zabbix "UserParameter" scripts run with zabbix:root
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2007-6210
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact: Fedora Extras Quality Assurance
URL: http://bugs.debian.org/cgi-bin/bugrep...
Whiteboard:
: 409911 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-12-01 03:47 UTC by Lubomir Kundrak
Modified: 2015-02-16 15:41 UTC (History)
1 user (show)

Fixed In Version: 1.4.2-4.fc8
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-12-06 20:51:18 UTC
Embargoed:

Attachments (Terms of Use)

Description Lubomir Kundrak 2007-12-01 03:47:27 UTC 
Description of problem:

Debian bug #452682 (see URL) describes that "UserParameter" scripts run with
user:group zabbix:root. Could you please check if this also applies for Fedora?
Comment 1 Dan Horák 2007-12-01 08:47:55 UTC 
Yes, it applies, it is a "feature". I am building new packages right now.
Comment 2 Lubomir Kundrak 2007-12-01 11:45:01 UTC 
CVE Identifier was requested.
Comment 3 Lubomir Kundrak 2007-12-01 11:45:33 UTC 
zabbix-1.4.2-3.fc7  	sharkcz  	2007-12-01 02:18:40  	complete
zabbix-1.4.2-4.fc8 	sharkcz 	2007-12-01 02:14:46 	complete
zabbix-1.4.2-4.fc9 	sharkcz 	2007-12-01 02:07:50 	complete
Comment 4 Lubomir Kundrak 2007-12-04 08:59:15 UTC 
*** Bug 409911 has been marked as a duplicate of this bug. ***
Comment 5 Lubomir Kundrak 2007-12-04 09:00:09 UTC 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6210
Comment 6 Fedora Update System 2007-12-06 20:49:40 UTC 
zabbix-1.4.2-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2007-12-06 20:51:16 UTC 
zabbix-1.4.2-4.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.