Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0095
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0095)
Zusammenfassung:	The remote host is missing an update for the 'zabbix' package(s) announced via the MGASA-2014-0095 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'zabbix' package(s) announced via the MGASA-2014-0095 advisory. Vulnerability Insight: Updated zabbix packages fix security vulnerabilities: Zabbix before 2.0.11 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code (CVE-2013-5572). Zabbix before 2.0.11 allows switching users without proper credentials when using HTTP authentication (CVE-2014-1682). In Zabbix before 2.0.11, the admin user is able to update media for other users (CVE-2014-1685). Affected Software/OS: 'zabbix' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.5 CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-5572 http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html http://archives.neohapsis.com/archives/fulldisclosure/2013-09/0149.html Common Vulnerability Exposure (CVE) ID: CVE-2014-1682 BugTraq ID: 65402 http://www.securityfocus.com/bid/65402 Common Vulnerability Exposure (CVE) ID: CVE-2014-1685
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.