Debian Bug report logs - #452682
zabbix-agent runs as user 'zabbix' with gid=0 (root), configuring additional groups doesn't work

version graph

Package: zabbix-agent; Maintainer for zabbix-agent is Christoph Haas <haas@debian.org>; Source for zabbix-agent is src:zabbix.

Reported by: Bas van Schaik <bas@tuxes.nl>

Date: Sat, 24 Nov 2007 14:54:02 UTC

Severity: important

Tags: moreinfo, patch, security

Found in version zabbix/1:1.1.4-10

Fixed in versions zabbix/1:1.4.2-4, zabbix/1:1.4.1-4+lenny1, zabbix/1:1.1.4-10etch1

Done: Michael Ablassmeier <abi@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Zabbix Maintainers <kobold-zabbix@debian.org>:
Bug#452682; Package zabbix-agent. Full text and rfc822 format available.

Acknowledgement sent to Bas van Schaik <bas@tuxes.nl>:
New Bug report received and forwarded. Copy sent to Zabbix Maintainers <kobold-zabbix@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Bas van Schaik <bas@tuxes.nl>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: zabbix-agent runs as user 'zabbix' with gid=0 (root), configuring additional groups doesn't work
Date: Sat, 24 Nov 2007 15:43:40 +0100
Package: zabbix-agent
Version: 1:1.1.4-10
Severity: important

The zabbix-agentd process runs as user 'zabbix' by default, which is of
course very desirable. However, the process' gid defaults to 0 (root)
which did really surprise me. On systems using this group for
administrative purposes, this (unconfigurable) default can yield a
significant security risk.

This weird behaviour has another downside: it is impossible to configure
additional groups for the zabbix-agentd process. Say you want a
zabbix-agent script to parse some logfiles in /var/log, it is impossible
to achieve this by only configuring the 'zabbix' user in group 'adm'.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-xen-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages zabbix-agent depends on:
ii  adduser                     3.102        Add and remove users and groups
ii  debconf [debconf-2.0]       1.5.11       Debian configuration management sy
ii  libc6                       2.3.6.ds1-13 GNU C Library: Shared libraries
ii  libldap2                    2.1.30-13.3  OpenLDAP libraries
ii  logrotate                   3.7.1-3      Log rotation utility
ii  ucf                         2.0020       Update Configuration File: preserv

zabbix-agent recommends no packages.

-- debconf information:
  zabbix-agent/server:




Information forwarded to debian-bugs-dist@lists.debian.org, Zabbix Maintainers <kobold-zabbix@debian.org>:
Bug#452682; Package zabbix-agent. Full text and rfc822 format available.

Acknowledgement sent to Michael Ablassmeier <abi@grinser.de>:
Extra info received and forwarded to list. Copy sent to Zabbix Maintainers <kobold-zabbix@debian.org>. Full text and rfc822 format available.

Message #10 received at 452682@bugs.debian.org (full text, mbox):

From: Michael Ablassmeier <abi@grinser.de>
To: Bas van Schaik <bas@tuxes.nl>, 452682@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#452682: zabbix-agent runs as user 'zabbix' with gid=0 (root), configuring additional groups doesn't work
Date: Sat, 24 Nov 2007 20:19:11 +0100
tags 452682 + moreinfo
tags 452682 + unreproducible
thanks

hi Bas,

On Sat, Nov 24, 2007 at 03:43:40PM +0100, Bas van Schaik wrote:
> The zabbix-agentd process runs as user 'zabbix' by default, which is of
> course very desirable. However, the process' gid defaults to 0 (root)
> which did really surprise me. On systems using this group for
> administrative purposes, this (unconfigurable) default can yield a
> significant security risk.

i cant reproduce this. Installing zabbix-agent on a etch sytem results
in an agent running with uid and gid set to zabbix:

root@k:/tmp# ps -G zabbix -o user,group,pid
USER     GROUP      PID
zabbix   zabbix   32428
zabbix   zabbix   32429

looking at the sourcecode, zabbix does setgid and setuid if started
as root, can you confirm you dont have a error message telling you
about a failed setgid in your agents log? 

       /* running as root ?*/
        if((getuid()==0) || (getgid()==0))
        {
                pwd = getpwnam("zabbix");
                if ( pwd == NULL )
                {
                        fprintf(stderr,"User zabbix does not exist.\n");
                        fprintf(stderr, "Cannot run as root !\n");
                        exit(FAIL);
                }
                if( (setgid(pwd->pw_gid) ==-1) || (setuid(pwd->pw_uid) == -1) )
                {
                        fprintf(stderr,"Cannot setgid or setuid to zabbix [%s]\n", strerror(errno));
                        exit(FAIL);
                }

bye,
    - michael




Tags added: moreinfo Request was from Michael Ablassmeier <abi@grinser.de> to control@bugs.debian.org. (Sat, 24 Nov 2007 19:21:05 GMT) Full text and rfc822 format available.

Tags added: unreproducible Request was from Michael Ablassmeier <abi@grinser.de> to control@bugs.debian.org. (Sat, 24 Nov 2007 19:21:06 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Zabbix Maintainers <kobold-zabbix@debian.org>:
Bug#452682; Package zabbix-agent. Full text and rfc822 format available.

Acknowledgement sent to Bas van Schaik <bas@tuxes.nl>:
Extra info received and forwarded to list. Copy sent to Zabbix Maintainers <kobold-zabbix@debian.org>. Full text and rfc822 format available.

Message #19 received at 452682@bugs.debian.org (full text, mbox):

From: Bas van Schaik <bas@tuxes.nl>
To: 452682@bugs.debian.org
Cc: Michael Ablassmeier <abi@grinser.de>
Subject: Re: Bug#452682: zabbix-agent runs as user 'zabbix' with gid=0 (root), configuring additional groups doesn't work
Date: Sun, 25 Nov 2007 12:21:17 +0100
Hi Michael,

I'm sorry, I should have been a little bit more clear about this. The
zabbix_agentd process runs as zabbix:zabbix indeed, but the so called
"UserParameter" scripts run with user:group zabbix:root. Or at least,
this is the output of such a script calling `id`:
> uid=110(zabbix) gid=111(zabbix) groups=0(root)
Where is the 'root' group coming from? The user 'zabbix' certainly is
_not_ in the group 'root' on my servers!

So you're right: this bug is actually not related to the zabbix_agentd
process, but to the scripts invoked by that process. The same holds for
the problem with additional groups. Check the output of `id zabbix`
invoked on a simple root shell and compare it to the output of the
UserParameter script:
> uid=110(zabbix) gid=111(zabbix) groups=111(zabbix),4(adm)
Note that the user 'zabbix' actually is in the group 'adm': this way it
is able to read mail logfiles from /var/log. However, the group 'adm'
has disappeared from the `id` output from the UserParameter script?

Regards!





Information forwarded to debian-bugs-dist@lists.debian.org, Zabbix Maintainers <kobold-zabbix@debian.org>:
Bug#452682; Package zabbix-agent. Full text and rfc822 format available.

Acknowledgement sent to Michael Ablassmeier <abi@grinser.de>:
Extra info received and forwarded to list. Copy sent to Zabbix Maintainers <kobold-zabbix@debian.org>. Full text and rfc822 format available.

Message #24 received at 452682@bugs.debian.org (full text, mbox):

From: Michael Ablassmeier <abi@grinser.de>
To: Bas van Schaik <bas@tuxes.nl>, 452682@bugs.debian.org
Subject: Re: Bug#452682: zabbix-agent runs as user 'zabbix' with gid=0 (root), configuring additional groups doesn't work
Date: Sun, 25 Nov 2007 14:19:46 +0100
hi Bas,

On Sun, Nov 25, 2007 at 12:21:17PM +0100, Bas van Schaik wrote:
> I'm sorry, I should have been a little bit more clear about this. The
> zabbix_agentd process runs as zabbix:zabbix indeed, but the so called
> "UserParameter" scripts run with user:group zabbix:root. Or at least,
> this is the output of such a script calling `id`:
> > uid=110(zabbix) gid=111(zabbix) groups=0(root)
> Where is the 'root' group coming from? The user 'zabbix' certainly is
> _not_ in the group 'root' on my servers!

i think this is due to the fact that the zabbix_agentd process only uses
setuid/setgid to drop its privileges. Now i think on linux, if setuid is
invoked from an user with uid 0, the old uid/gid is saved to the saved
set-uid/gid.

The agent uses popen in order to execute the UserCommands. I think popen just
as exec* resets the gid to the saved-set-gid, which is then 0, thus the
executed programm ends up with gid set to root.

Not sure if this is actually wanted by the zabbix devs, im going to have a talk
about this with upstream.

bye,
	- michael




Information forwarded to debian-bugs-dist@lists.debian.org, Zabbix Maintainers <kobold-zabbix@debian.org>:
Bug#452682; Package zabbix-agent. Full text and rfc822 format available.

Acknowledgement sent to Michael Ablassmeier <abi@grinser.de>:
Extra info received and forwarded to list. Copy sent to Zabbix Maintainers <kobold-zabbix@debian.org>. Full text and rfc822 format available.

Message #29 received at 452682@bugs.debian.org (full text, mbox):

From: Michael Ablassmeier <abi@grinser.de>
To: Bas van Schaik <bas@tuxes.nl>, 452682@bugs.debian.org
Subject: Re: Bug#452682: zabbix-agent runs as user 'zabbix' with gid=0 (root), configuring additional groups doesn't work
Date: Sun, 25 Nov 2007 15:01:15 +0100
hi again,

On Sun, Nov 25, 2007 at 02:19:46PM +0100, Michael Ablassmeier wrote:
> The agent uses popen in order to execute the UserCommands. I think popen just
> as exec* resets the gid to the saved-set-gid, which is then 0, thus the
> executed programm ends up with gid set to root.

just a short example of whats happening and how to reproduce this:

 > #include <sys/types.h>
 > #include <unistd.h>
 > #include <pwd.h>
 > #include <stdio.h>
 > 
 > int main() {
 >         struct passwd           *pw;
 >         pw = getpwnam("abi");
 >         FILE *pipe;
 >         char buf[25];
 >         setgid(pw->pw_gid);
 >         setuid(pw->pw_uid);
 > 
 >         printf("my gid: %d\n", getegid());
 >         printf("my uid: %d\n", getuid());
 > 
 >         pipe = popen("/usr/bin/id", "r");
 >         while (fgets(buf, sizeof buf, pipe)) {
 >                 printf("%s", buf);
 >         }
 >         printf("\n");
 >         pclose(pipe);
 > }

root@radiohead:~# ./a.out 
my gid: 1000
my uid: 1000
uid=1000(abi) gid=1000(abi) groups=0(root),102(lpadmin),1001(wheel)

bye,
	- michael




Information forwarded to debian-bugs-dist@lists.debian.org, Zabbix Maintainers <kobold-zabbix@debian.org>:
Bug#452682; Package zabbix-agent. Full text and rfc822 format available.

Acknowledgement sent to Michael Ablassmeier <abi@grinser.de>:
Extra info received and forwarded to list. Copy sent to Zabbix Maintainers <kobold-zabbix@debian.org>. Full text and rfc822 format available.

Message #34 received at 452682@bugs.debian.org (full text, mbox):

From: Michael Ablassmeier <abi@grinser.de>
To: Bas van Schaik <bas@tuxes.nl>, 452682@bugs.debian.org
Subject: Re: Bug#452682: zabbix-agent runs as user 'zabbix' with gid=0 (root), configuring additional groups doesn't work
Date: Sun, 25 Nov 2007 15:34:50 +0100
and hi, yet again,

On Sun, Nov 25, 2007 at 03:01:15PM +0100, Michael Ablassmeier wrote:
> On Sun, Nov 25, 2007 at 02:19:46PM +0100, Michael Ablassmeier wrote:
> > The agent uses popen in order to execute the UserCommands. I think popen just
> > as exec* resets the gid to the saved-set-gid, which is then 0, thus the
> > executed programm ends up with gid set to root.
> 
> just a short example of whats happening and how to reproduce this:
> 
>  > #include <sys/types.h>
>  > #include <unistd.h>
>  > #include <pwd.h>
>  > #include <stdio.h>
>  > 
>  > int main() {
>  >         struct passwd           *pw;
>  >         pw = getpwnam("abi");
>  >         FILE *pipe;
>  >         char buf[25];
>  >         setgid(pw->pw_gid);
>  >         setuid(pw->pw_uid);

i think the solution here is to use initgroups, which does set the right group
settings, like:

	setgid(..);
	initgroups(..,..);
	setuid(..);

 root@radiohead:~# ./a.out 
 my gid: 1000
 my uid: 1000
 uid=1000(abi) gid=1000(abi) groups=1000(abi)

 root@radiohead:~# ./a.out 
 my gid: 1000
 my uid: 1000
 cat: /tmp/file: Permission denied
 
 root@radiohead:~# ls -alh /tmp/file 
 -rw-r----- 1 root root 7 Nov 25 15:13 /tmp/file

so, i think the zabbix_agentd should use initgroups() in order to set its
group information, im going to forward this to upstream.

bye,
	- michael




Information forwarded to debian-bugs-dist@lists.debian.org, Zabbix Maintainers <kobold-zabbix@debian.org>:
Bug#452682; Package zabbix-agent. Full text and rfc822 format available.

Acknowledgement sent to Michael Ablassmeier <abi@grinser.de>:
Extra info received and forwarded to list. Copy sent to Zabbix Maintainers <kobold-zabbix@debian.org>. Full text and rfc822 format available.

Message #39 received at 452682@bugs.debian.org (full text, mbox):

From: Michael Ablassmeier <abi@grinser.de>
To: 452682@bugs.debian.org, Bas van Schaik <bas@tuxes.nl>
Subject: Re: Bug#452682: zabbix-agent runs as user 'zabbix' with gid=0 (root), configuring additional groups doesn't work
Date: Sun, 25 Nov 2007 15:55:13 +0100
[Message part 1 (text/plain, inline)]
hi again,

On Sun, Nov 25, 2007 at 03:01:15PM +0100, Michael Ablassmeier wrote:
> On Sun, Nov 25, 2007 at 02:19:46PM +0100, Michael Ablassmeier wrote:
> > The agent uses popen in order to execute the UserCommands. I think popen just
> > as exec* resets the gid to the saved-set-gid, which is then 0, thus the
> > executed programm ends up with gid set to root.

initgroups() is the way to go.
Attached patch should fix this issue.

bye,
	- michael
[initgroups.diff (text/x-diff, attachment)]

Tags removed: unreproducible Request was from Michael Ablassmeier <abi@debian.org> to control@bugs.debian.org. (Sun, 25 Nov 2007 15:03:05 GMT) Full text and rfc822 format available.

Tags added: patch Request was from Michael Ablassmeier <abi@debian.org> to control@bugs.debian.org. (Sun, 25 Nov 2007 15:03:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Zabbix Maintainers <kobold-zabbix@debian.org>:
Bug#452682; Package zabbix-agent. Full text and rfc822 format available.

Acknowledgement sent to Bas van Schaik <bas@tuxes.nl>:
Extra info received and forwarded to list. Copy sent to Zabbix Maintainers <kobold-zabbix@debian.org>. Full text and rfc822 format available.

Message #48 received at 452682@bugs.debian.org (full text, mbox):

From: Bas van Schaik <bas@tuxes.nl>
To: 452682@bugs.debian.org
Cc: Michael Ablassmeier <abi@grinser.de>
Subject: Re: Bug#452682: zabbix-agent runs as user 'zabbix' with gid=0 (root), configuring additional groups doesn't work
Date: Sun, 25 Nov 2007 16:40:10 +0100
Thanks for the quick fix, Michael! I hope upstream will fix this soon so
the patch will appear in testing.




Information forwarded to debian-bugs-dist@lists.debian.org, Zabbix Maintainers <kobold-zabbix@debian.org>:
Bug#452682; Package zabbix-agent. Full text and rfc822 format available.

Acknowledgement sent to "Thijs Kinkhorst" <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Zabbix Maintainers <kobold-zabbix@debian.org>. Full text and rfc822 format available.

Message #53 received at 452682@bugs.debian.org (full text, mbox):

From: "Thijs Kinkhorst" <thijs@debian.org>
To: "Michael Ablassmeier" <abi@grinser.de>
Cc: team@security.debian.org, 452682@bugs.debian.org, bas@tuxes.nl
Subject: Re: zabbix - zabbix-agent: UserParameters are execuited with gid 0
Date: Thu, 29 Nov 2007 10:02:18 +0100 (CET)
Hi Michael,

On Wed, November 28, 2007 17:48, Michael Ablassmeier wrote:
> to be a bit more specific about this:
>
> an privileged user (root) may configure an UserParameter like this one in
>  /etc/zabbix/zabbix-agentd.conf (hard core example):
>
>
> UserParameter=cat[*],cat $1

Thank you for contacting us about it. It's definitely a bug which should
be fixed, but I'm trying to assess whether it's severe enough to warrant a
DSA.

Zabbix is a monitoring tool. I would therefore assume that zabbix' users
already have quite a level of implied trust; it's not quite common that a
random user has access to zabbix and can exectute commands, right? Or am I
missing something?


thanks,
Thijs







Information forwarded to debian-bugs-dist@lists.debian.org, Zabbix Maintainers <kobold-zabbix@debian.org>:
Bug#452682; Package zabbix-agent. Full text and rfc822 format available.

Acknowledgement sent to Michael Ablassmeier <abi@grinser.de>:
Extra info received and forwarded to list. Copy sent to Zabbix Maintainers <kobold-zabbix@debian.org>. Full text and rfc822 format available.

Message #58 received at 452682@bugs.debian.org (full text, mbox):

From: Michael Ablassmeier <abi@grinser.de>
To: Thijs Kinkhorst <thijs@debian.org>, 452682@bugs.debian.org
Subject: Re: Bug#452682: zabbix - zabbix-agent: UserParameters are execuited with gid 0
Date: Thu, 29 Nov 2007 10:21:04 +0100
hi Thijs,

On Thu, Nov 29, 2007 at 10:02:18AM +0100, Thijs Kinkhorst wrote:
> On Wed, November 28, 2007 17:48, Michael Ablassmeier wrote:
> > to be a bit more specific about this:
> >
> > an privileged user (root) may configure an UserParameter like this one in
> >  /etc/zabbix/zabbix-agentd.conf (hard core example):
> >
> >
> > UserParameter=cat[*],cat $1
> 
> Thank you for contacting us about it. It's definitely a bug which should
> be fixed, but I'm trying to assess whether it's severe enough to warrant a
> DSA.

im not sure either .. 

> Zabbix is a monitoring tool. I would therefore assume that zabbix' users
> already have quite a level of implied trust; it's not quite common that a
> random user has access to zabbix and can exectute commands, right? Or am I
> missing something?

well, its not like random users have access to the zabbix frontend, thats right.
So they indeed have a good level of trust (or should have). However, its still
possible for them to root remote machines, given the fact the zabbix admin
gives them access to the item configuration and there is an flexible user
parameter ..

If you guys decide its not worth a DSA, im going to upload a fixed version to
stable-propsed-updates - or something.

bye,
    - michael




Tags added: security Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Fri, 30 Nov 2007 17:00:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Zabbix Maintainers <kobold-zabbix@debian.org>:
Bug#452682; Package zabbix-agent. Full text and rfc822 format available.

Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Zabbix Maintainers <kobold-zabbix@debian.org>. Full text and rfc822 format available.

Message #65 received at 452682@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: Michael Ablassmeier <abi@grinser.de>
Cc: 452682@bugs.debian.org
Subject: Re: Bug#452682: zabbix - zabbix-agent: UserParameters are execuited with gid 0
Date: Tue, 4 Dec 2007 12:20:33 +0100
[Message part 1 (text/plain, inline)]
On Thursday 29 November 2007 10:21, Michael Ablassmeier wrote:
> well, its not like random users have access to the zabbix frontend, thats
> right. So they indeed have a good level of trust (or should have). However,
> its still possible for them to root remote machines, given the fact the
> zabbix admin gives them access to the item configuration and there is an
> flexible user parameter ..

This is CVE id CVE-2007-6210, please reference it in any changelogs and 
announcements. Could you also ask upstream to put it into their changelog and 
announcement?

The DSA is ready, except for some buildd issues.


Thijs
[Message part 2 (application/pgp-signature, inline)]

Reply sent to Michael Ablassmeier <abi@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Bas van Schaik <bas@tuxes.nl>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #70 received at 452682-close@bugs.debian.org (full text, mbox):

From: Michael Ablassmeier <abi@debian.org>
To: 452682-close@bugs.debian.org
Subject: Bug#452682: fixed in zabbix 1:1.4.2-4
Date: Thu, 06 Dec 2007 08:47:05 +0000
Source: zabbix
Source-Version: 1:1.4.2-4

We believe that the bug you reported is fixed in the latest version of
zabbix, which is due to be installed in the Debian FTP archive:

zabbix-agent_1.4.2-4_amd64.deb
  to pool/main/z/zabbix/zabbix-agent_1.4.2-4_amd64.deb
zabbix-frontend-php_1.4.2-4_all.deb
  to pool/main/z/zabbix/zabbix-frontend-php_1.4.2-4_all.deb
zabbix-server-mysql_1.4.2-4_amd64.deb
  to pool/main/z/zabbix/zabbix-server-mysql_1.4.2-4_amd64.deb
zabbix-server-pgsql_1.4.2-4_amd64.deb
  to pool/main/z/zabbix/zabbix-server-pgsql_1.4.2-4_amd64.deb
zabbix_1.4.2-4.diff.gz
  to pool/main/z/zabbix/zabbix_1.4.2-4.diff.gz
zabbix_1.4.2-4.dsc
  to pool/main/z/zabbix/zabbix_1.4.2-4.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 452682@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Ablassmeier <abi@debian.org> (supplier of updated zabbix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 06 Dec 2007 09:12:19 +0100
Source: zabbix
Binary: zabbix-server-mysql zabbix-agent zabbix-server-pgsql zabbix-frontend-php
Architecture: source all amd64
Version: 1:1.4.2-4
Distribution: unstable
Urgency: high
Maintainer: abi@grinser.de
Changed-By: Michael Ablassmeier <abi@debian.org>
Description: 
 zabbix-agent - software for monitoring of your networks -- agent
 zabbix-frontend-php - software for monitoring of your servers -- php frontend
 zabbix-server-mysql - software for monitoring of your networks -- server
 zabbix-server-pgsql - software for monitoring of your networks -- server
Closes: 452682
Changes: 
 zabbix (1:1.4.2-4) unstable; urgency=high
 .
   * Fix execution of UserParameter with gid 0.
     Closes: #452682 (CVE-2007-6210)
Files: 
 390764aa4620b9967dbebb45d933b4eb 859 net optional zabbix_1.4.2-4.dsc
 5ed5dcb89312da96432cd38ad438535f 20203 net optional zabbix_1.4.2-4.diff.gz
 125ce82c9baebe99729abf368f02a04c 166962 net optional zabbix-agent_1.4.2-4_amd64.deb
 11b5ac1d476aeb740d603c85647599ef 320548 net optional zabbix-server-mysql_1.4.2-4_amd64.deb
 419cad8b30a03dd694e01a6aa8cc7646 320542 net optional zabbix-server-pgsql_1.4.2-4_amd64.deb
 b88c0eadc3dce38ca97429a844f19be3 969134 net optional zabbix-frontend-php_1.4.2-4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHV7LQEFV7g4B8rCURAnsrAKCNdSD4yUm+67oC2IclslQWimW0jwCfVAz4
TtL3qaXL50WBCgkuJMvlvzc=
=htbI
-----END PGP SIGNATURE-----





Reply sent to Michael Ablassmeier <abi@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Bas van Schaik <bas@tuxes.nl>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #75 received at 452682-close@bugs.debian.org (full text, mbox):

From: Michael Ablassmeier <abi@debian.org>
To: 452682-close@bugs.debian.org
Subject: Bug#452682: fixed in zabbix 1:1.4.1-4+lenny1
Date: Thu, 06 Dec 2007 17:32:05 +0000
Source: zabbix
Source-Version: 1:1.4.1-4+lenny1

We believe that the bug you reported is fixed in the latest version of
zabbix, which is due to be installed in the Debian FTP archive:

zabbix-agent_1.4.1-4+lenny1_amd64.deb
  to pool/main/z/zabbix/zabbix-agent_1.4.1-4+lenny1_amd64.deb
zabbix-frontend-php_1.4.1-4+lenny1_all.deb
  to pool/main/z/zabbix/zabbix-frontend-php_1.4.1-4+lenny1_all.deb
zabbix-server-mysql_1.4.1-4+lenny1_amd64.deb
  to pool/main/z/zabbix/zabbix-server-mysql_1.4.1-4+lenny1_amd64.deb
zabbix-server-pgsql_1.4.1-4+lenny1_amd64.deb
  to pool/main/z/zabbix/zabbix-server-pgsql_1.4.1-4+lenny1_amd64.deb
zabbix_1.4.1-4+lenny1.diff.gz
  to pool/main/z/zabbix/zabbix_1.4.1-4+lenny1.diff.gz
zabbix_1.4.1-4+lenny1.dsc
  to pool/main/z/zabbix/zabbix_1.4.1-4+lenny1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 452682@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Ablassmeier <abi@debian.org> (supplier of updated zabbix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 06 Dec 2007 09:45:01 +0100
Source: zabbix
Binary: zabbix-server-mysql zabbix-agent zabbix-server-pgsql zabbix-frontend-php
Architecture: source all amd64
Version: 1:1.4.1-4+lenny1
Distribution: testing-security
Urgency: high
Maintainer: abi@grinser.de
Changed-By: Michael Ablassmeier <abi@debian.org>
Description: 
 zabbix-agent - software for monitoring of your networks -- agent
 zabbix-frontend-php - software for monitoring of your servers -- php frontend
 zabbix-server-mysql - software for monitoring of your networks -- server
 zabbix-server-pgsql - software for monitoring of your networks -- server
Closes: 452682
Changes: 
 zabbix (1:1.4.1-4+lenny1) testing-security; urgency=high
 .
   * Fix UserParameter execution with gid 0
     Closes: #452682 (CVE-2007-6210)
Files: 
 a5ddea84a53ac1a9a2458663385af267 873 net optional zabbix_1.4.1-4+lenny1.dsc
 c9e9a12eeb3ae784075cb7899f200889 3246817 net optional zabbix_1.4.1.orig.tar.gz
 a9a0b0079ec816560dfd0841e49134da 19531 net optional zabbix_1.4.1-4+lenny1.diff.gz
 df69fb5317a3836e2eb5d9627cfcc458 161976 net optional zabbix-agent_1.4.1-4+lenny1_amd64.deb
 b97b2d988821fcffde550a075d55bb7f 285228 net optional zabbix-server-mysql_1.4.1-4+lenny1_amd64.deb
 544c2ee6ccc0e66ce83be9e720e5d0d9 285282 net optional zabbix-server-pgsql_1.4.1-4+lenny1_amd64.deb
 fdf566daeb06515ea62bac8b513833e4 953314 net optional zabbix-frontend-php_1.4.1-4+lenny1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHV7qWEFV7g4B8rCURApf5AJ9oJ1ssrsn+RknHsiFR8vBmCygeQQCdGzoP
5cfQjlEMz+o8YSDkSeenLIE=
=pwPx
-----END PGP SIGNATURE-----





Reply sent to Michael Ablassmeier <abi@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Bas van Schaik <bas@tuxes.nl>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #80 received at 452682-close@bugs.debian.org (full text, mbox):

From: Michael Ablassmeier <abi@debian.org>
To: 452682-close@bugs.debian.org
Subject: Bug#452682: fixed in zabbix 1:1.1.4-10etch1
Date: Thu, 20 Dec 2007 19:54:09 +0000
Source: zabbix
Source-Version: 1:1.1.4-10etch1

We believe that the bug you reported is fixed in the latest version of
zabbix, which is due to be installed in the Debian FTP archive:

zabbix-agent_1.1.4-10etch1_amd64.deb
  to pool/main/z/zabbix/zabbix-agent_1.1.4-10etch1_amd64.deb
zabbix-frontend-php_1.1.4-10etch1_all.deb
  to pool/main/z/zabbix/zabbix-frontend-php_1.1.4-10etch1_all.deb
zabbix-server-mysql_1.1.4-10etch1_amd64.deb
  to pool/main/z/zabbix/zabbix-server-mysql_1.1.4-10etch1_amd64.deb
zabbix-server-pgsql_1.1.4-10etch1_amd64.deb
  to pool/main/z/zabbix/zabbix-server-pgsql_1.1.4-10etch1_amd64.deb
zabbix_1.1.4-10etch1.diff.gz
  to pool/main/z/zabbix/zabbix_1.1.4-10etch1.diff.gz
zabbix_1.1.4-10etch1.dsc
  to pool/main/z/zabbix/zabbix_1.1.4-10etch1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 452682@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Ablassmeier <abi@debian.org> (supplier of updated zabbix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon,  3 Dec 2007 08:09:25 +0000
Source: zabbix
Binary: zabbix-server-mysql zabbix-agent zabbix-server-pgsql zabbix-frontend-php
Architecture: source all amd64
Version: 1:1.1.4-10etch1
Distribution: stable-security
Urgency: high
Maintainer: Zabbix Maintainers <kobold-zabbix@debian.org>
Changed-By: Michael Ablassmeier <abi@debian.org>
Description: 
 zabbix-agent - software for monitoring of your networks -- agent
 zabbix-frontend-php - software for monitoring of your servers -- php frontend
 zabbix-server-mysql - software for monitoring of your networks -- server
 zabbix-server-pgsql - software for monitoring of your networks -- server
Closes: 452682
Changes: 
 zabbix (1:1.1.4-10etch1) stable-security; urgency=high
 .
   * Fix execution of UserParameters with gid 0. (CVE-2007-XXX)
     Closes: #452682
Files: 
 4b021367fae2f83903168622449ac3d5 850 net optional zabbix_1.1.4-10etch1.dsc
 8e733e41506dd34759daba01deeeefd9 1511210 net optional zabbix_1.1.4.orig.tar.gz
 853af44b6fa0f9519710af72d728283b 19016 net optional zabbix_1.1.4-10etch1.diff.gz
 88afd49700d9c27830b144c976d01bbc 121058 net optional zabbix-agent_1.1.4-10etch1_amd64.deb
 84ff800dfeeaaa15b5bc54da2c60d541 187334 net optional zabbix-server-mysql_1.1.4-10etch1_amd64.deb
 f287da9192ed398e4a91eeb466f5d0f2 197896 net optional zabbix-server-pgsql_1.1.4-10etch1_amd64.deb
 2094fd712f01e85f293ffba7628271a3 337552 net optional zabbix-frontend-php_1.1.4-10etch1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHU9cdEFV7g4B8rCURAtI5AJ0Zg+P+75vy1qtSRcxIGmWAwniLUACg5os+
7QqXodNn8RdGNGcLypl4sIc=
=1rVC
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 18 Jan 2008 07:36:41 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 25 08:19:08 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.