Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0433
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0433)
Zusammenfassung:	The remote host is missing an update for the 'zabbix' package(s) announced via the MGASA-2014-0433 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'zabbix' package(s) announced via the MGASA-2014-0433 advisory. Vulnerability Insight: It was reported that the Zabbix frontend supported an XML data import feature, where on the server it used DOMDocument to parse the XML. By default, DOMDocument also parses the external DTD, which could allow a remote attacker to use a crafted XML file causing Zabbix to read an arbitrary local file, and send the contents of the specified file to a remote server (CVE-2014-3005). Affected Software/OS: 'zabbix' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3005 BugTraq ID: 68075 http://www.securityfocus.com/bid/68075 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134909.html http://seclists.org/fulldisclosure/2014/Jun/87 https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273
Copyright	Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.