zabbix-1.6.9-2.AXS3
エラータID: AXSA:2011-372:01
リリース日:
2011/11/30 Wednesday - 12:21
題名:
zabbix-1.6.9-2.AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
以下の項目について対処しました。<br />
<br />
[Security Fix]<br />
-Zabbixのzabbix_agentdは、/dev/urandomのデバイスに対するvfs.file.cksumコマンドの実行によって、攻撃者がサービス拒否攻撃(CPUリソースの消費)を引き起こす脆弱性があります。(CVE-2011-3263)<br />
<br />
-Zabbixには、攻撃者が不正なsrcfld2パラメータをpopup.phpへ渡しエラーメッセージにあるインストールパスを表示することによって、機密情報を取得する脆弱性があります。(CVE-2011-3264)<br />
<br />
一部CVEの翻訳文はJVNからの引用になります。<br />
http://jvndb.jvn.jp
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2011-3263
zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows context-dependent attackers to cause a denial of service (CPU consumption) by executing the vfs.file.cksum command for a special device, as demonstrated by the /dev/urandom device.
zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows context-dependent attackers to cause a denial of service (CPU consumption) by executing the vfs.file.cksum command for a special device, as demonstrated by the /dev/urandom device.
CVE-2011-3264
Zabbix before 1.8.6 allows remote attackers to obtain sensitive information via an invalid srcfld2 parameter to popup.php, which reveals the installation path in an error message.
Zabbix before 1.8.6 allows remote attackers to obtain sensitive information via an invalid srcfld2 parameter to popup.php, which reveals the installation path in an error message.
CVE-2011-3265
popup.php in Zabbix before 1.8.7 allows remote attackers to read the contents of arbitrary database tables via a modified srctbl parameter.
popup.php in Zabbix before 1.8.7 allows remote attackers to read the contents of arbitrary database tables via a modified srctbl parameter.
追加情報:
N/A
ダウンロード:
SRPMS
- zabbix-1.6.9-2.AXS3.src.rpm
MD5: 1e395dba15b2a8b314e4802dfd57dab5
SHA-256: 7eeed47f9d841a7649f77d41a2a6bc4f45279363cd20c850ac99fda327305311
Size: 7.99 MB
Asianux Server 3 for x86
- zabbix-1.6.9-2.AXS3.i386.rpm
MD5: 6a3741db959c8d9a0a1b72fe6d7b4ee4
SHA-256: afdf8b3144ba8da4692d8182de025df1fd7be4e50b5fc21213e0ff798636e18e
Size: 8.79 kB - zabbix-agent-1.6.9-2.AXS3.i386.rpm
MD5: 57a15456d9065c8790caba43f8878420
SHA-256: cd6ad0fb90ce4a4f2a79d65f5b48993a570ac3b4918ea4c4133fd39595d19a3b
Size: 239.81 kB - zabbix-proxy-1.6.9-2.AXS3.i386.rpm
MD5: b98c5ef65211795e487754fdd49d297d
SHA-256: bd1cbf36d88289d4eeb5f9eb614e856c12646414a81cad5d486037498a37c81b
Size: 60.81 kB - zabbix-proxy-mysql-1.6.9-2.AXS3.i386.rpm
MD5: a50eeb2cffdb16cb8c15436f3c3695b8
SHA-256: 2c0cca9e902c50de71aa83aae2115d04ae54509f5c54604ebe0669c5eb134f6a
Size: 202.62 kB - zabbix-server-1.6.9-2.AXS3.i386.rpm
MD5: e1bf3175450e1124f9cbfe4191112aa8
SHA-256: df5850547a9707f83cc6f4e280c21fa85607c81b51ca6b62c252f597800d9657
Size: 5.63 MB - zabbix-server-mysql-1.6.9-2.AXS3.i386.rpm
MD5: 574b834764edf58d425e3f281b808b82
SHA-256: 875c2981b9ee1b418447d9bf742457f1324a563438bb095e62efee84b604c98a
Size: 235.10 kB - zabbix-web-1.6.9-2.AXS3.i386.rpm
MD5: dd4a6c880d6c0856bfc74af7f87c30cd
SHA-256: 4a7d893d5d7f02ba154094aa899096c36f7889c66754c0f40731d5be56517a50
Size: 1.19 MB - zabbix-web-mysql-1.6.9-2.AXS3.i386.rpm
MD5: 0377e9bb1511d1b426ec4485141f121c
SHA-256: a1d76ab6dc74863eab150238878cb240cf8414cdd43d1f73c863373a82c2189a
Size: 7.12 kB
Asianux Server 3 for x86_64
- zabbix-1.6.9-2.AXS3.x86_64.rpm
MD5: 1e0a69de5b413ed3a0ae6270c7c41784
SHA-256: 02ab94ce98c6c4c18666467140148a7f67c64fcb524a68b2df5640d282b43351
Size: 8.76 kB - zabbix-agent-1.6.9-2.AXS3.x86_64.rpm
MD5: cc78a48fc35508275190e67074b02ee6
SHA-256: 55b72c55f2016a6eee2f8e58361bffdee135495021adfcbd666e691664f67d1a
Size: 242.48 kB - zabbix-proxy-1.6.9-2.AXS3.x86_64.rpm
MD5: 9bdff4789edb7f4ab32a2450b483931a
SHA-256: 5e1b06c4cfe0fed35378f1c47055f2edc69824cd5e044feee1d243e1b886e1ca
Size: 60.75 kB - zabbix-proxy-mysql-1.6.9-2.AXS3.x86_64.rpm
MD5: 60e202fc82d80cd528d6351afdd924bc
SHA-256: 3a301f0b40c74ae1c276df8ebfba830289feaf387626de7a8b67c72b3ab0e60c
Size: 203.06 kB - zabbix-server-1.6.9-2.AXS3.x86_64.rpm
MD5: 6c40fcd31417eea74c567c131569a5c4
SHA-256: da8645d6c4aa20a5e540fda50b6ae7f3690407388ece616874ae264bf3d54d4f
Size: 5.63 MB - zabbix-server-mysql-1.6.9-2.AXS3.x86_64.rpm
MD5: 1fb722f256998e30163ddea26314c256
SHA-256: 62b7908e376d3a5d9ad31c6d3c2eb49523c81caf1e1af2f9ba62f8ea48453791
Size: 233.63 kB - zabbix-web-1.6.9-2.AXS3.x86_64.rpm
MD5: a6b74e78a200e1513f40b3bdebc6bc41
SHA-256: 41ecda38c7a5db41ed74e6902e95ab2ce5fc8f476ad68deadd6f788b67183e64
Size: 1.19 MB - zabbix-web-mysql-1.6.9-2.AXS3.x86_64.rpm
MD5: 292cbd950f09fdbf909685785ec60f1a
SHA-256: 071784260655bd3e972c4ca17feebc0813aeba81ceff07a4bf4df9069dae296a
Size: 7.08 kB